TechTarget

Businesses cannot rely on software suppliers for security, says Imperva

This month's huge Microsoft Patch Tuesday security update proves the limits of the software company's programme for secure software development, claims data security firm Imperva.

This week, Microsoft released a record number of patches in its monthly update aimed at fixing 34 vulnerabilities.

"If Microsoft has to issue this many patches, then it is obvious that its Security Development Lifecycle (SDL), while important, is imperfect," said Amichai Shulman, chief technology officer at Imperva.

"No matter how much quality assurance you throw at the SDL process, there is a limit to the effect you can have on the quality of the software application."

The SDL is part of Microsoft's Trustworthy Computing initiative adopted in 2002 to improve the security of its products.

According to Shulman, what has happened to Microsoft is likely to start happening to other software vendors, as more complex applications are released.

The prudent use of an SDL can improve the quality of software, and the security of the information it is processing, but the threat landscape is extremely dynamic, he said.

"Companies must have defensive technologies in place to combat immediate threats that SDLs simply cannot cover," he said.
