Businesses cannot rely on software suppliers for security, says Imperva


Warwick Ashford

This month's huge Microsoft Patch Tuesday security update proves the limits of the software company's programme for secure software development, claims data security firm Imperva.

This week, Microsoft released a record number of patches in its monthly update aimed at fixing 34 vulnerabilities.

"If Microsoft has to issue this many patches, then it is obvious that its Security Development Lifecycle (SDL), while important, is imperfect," said Amichai Shulman, chief technology officer at Imperva.

"No matter how much quality assurance you throw at the SDL process, there is a limit to the effect you can have on the quality of the software application."

The SDL is part of Microsoft's Trustworthy Computing initiative adopted in 2002 to improve the security of its products.

According to Shulman, what has happened to Microsoft is likely to start happening to other software vendors, as more complex applications are released.

The prudent use of an SDL can improve the quality of software, and the security of the information it is processing, but the threat landscape is extremely dynamic, he said.

"Companies must have defensive technologies in place to combat immediate threats that SDLs simply cannot cover," he said.
