
"NSA, DHS, Industry Gang Up on Dangerous Software Errors"
Business Week

"Computer security experts have warned for years that the endless cycle of software flaws and exploits will only be broken when we create incentives for software authors and publishers to get it right. On January 12 (2009), the industry took a potentially important step toward that goal when a broad coalition of companies, government agencies, academics, and advocacy groups launched a program to assure that software is free of 25 common errors that lead to the bulk of security problems." The program was developed jointly by the SANS Institute and MITRE, with backing from the National Security Agency's (NSA's) Information Assurance Directorate (IAD) and the Department of Homeland Security (DHS), the article said.

In SANS Institute's press release of January 12, NSA's Tony Sager commented on the program's significance: "The publication of a list of programming errors that enable cyber espionage and cyber crime is an important first step in managing the vulnerability of our networks and technology. There needs to be a move away from reacting to thousands of individual vulnerabilities, and to focus instead on a relatively small number of software flaws that allow vulnerabilities to occur, each with a general root cause. Such a list allows the targeting of improvements in software development practices, tools, and requirements to manage these problems earlier in the life cycle, where they can be solved on a large scale and cost-effectively."

 

Date Posted: Nov 19, 2009 | Last Modified: Nov 19, 2009 | Last Reviewed: Nov 19, 2009

 

National Security Agency / Central Security Service