
MIT Technology Review



LulzSec has used SQL injection to target the website and computers belonging to Sony BMG, among many others, over the past 50 days. Anonymous, which is known for its politically motivated attacks, has used the same technique to attack HBGary Federal, retaliating for the company CEO’s claims that he had unmasked key members of the group.

MITRE hopes that its list and tools will help businesses secure their software. “The big problem we’ve continuously run into is a lot of business leaders don’t understand the role software plays in their enterprise,” says Martin. For example, Sony, which has been subjected to repeated hacks in recent months, has been accused of lax security.

Because of this, MITRE also released a new version of its Common Weakness Risk Analysis Framework, software that helps businesses automatically select and prioritize the weaknesses most likely to bite them. It does this in part by putting weaknesses in context, sketching out industry-specific scenarios that help leaders understand exactly what role an application plays in the enterprise, and how a breach could affect them.

The system can help a business discover “what kind of failure is the worst for your application given what it’s doing for your business,” says Martin. “That doesn’t change what attackers are going for, but it does change where you prioritize.”

Many of the problems identified by MITRE have been around for a long time, but that doesn’t make them any less dangerous, says Jeremiah Grossman, founder and chief technology officer of WhiteHat Security, a company that helps website owners secure their sites. Grossman was one of the security experts surveyed by MITRE.

To make websites more secure, Grossman says, it is important to deal with all the vulnerabilities that are already out there.

“Rewriting the Web is probably impractical,” he jokes, adding that what a website is vulnerable to has a lot to do with when it was coded.

“Tons of tools and guidance are already out there,” Grossman says. “It’s adoption that we need.” He adds that companies need to look at improving their software, and believes that the Department of Homeland Security can use its muscle and purchasing power to pressure companies to secure code against the most dangerous errors.


Tagged: Computing, Web, security, software, bugs, MITRE
