
Businesses cannot rely on software suppliers for security, says Imperva

Warwick Ashford

This month's huge Microsoft Patch Tuesday security update proves the limits of the software company's programme for secure software development, claims data security firm Imperva.

This week, Microsoft released a record number of patches in its monthly update aimed at fixing 34 vulnerabilities.

"If Microsoft has to issue this many patches, then it is obvious that its Security Development Lifecycle (SDL), while important, is imperfect," said Amichai Shulman, chief technology officer at Imperva.

"No matter how much quality assurance you throw at the SDL process, there is a limit to the effect you can have on the quality of the software application."

The SDL is part of Microsoft's Trustworthy Computing initiative adopted in 2002 to improve the security of its products.

According to Shulman, what has happened to Microsoft is likely to start happening to other software vendors, as more complex applications are released.

The prudent use of an SDL can improve the quality of software, and the security of the information it is processing, but the threat landscape is extremely dynamic, he said.

"Companies must have defensive technologies in place to combat immediate threats that SDLs simply cannot cover," he said.

