McCabe Advises Homeland Security on the Complex Issue of Software Risk


Discussion of Software Quality Metrics Risk Opens Eyes at Annual DHS/DoD Forum

Tom McCabe, Jr. of McCabe Software, Inc. had the pleasure of speaking at the annual DHS-DOD Software Assurance Forum in Fairfax, VA last week.

McCabe brought his 20+ years of experience to the fore while pointing out that the keys to eliminating software vulnerability lie in the use of software complexity metrics, measuring control flow integrity and conducting sneak path analysis.

“There are no silver bullets when it comes to security metrics. Many of the issues surrounding security analysis are intertwined with fundamental software engineering principles,” says McCabe. “Metrics such as the Relative Attack Surface Quotient (RASQ) from Microsoft should be used in conjunction with traditional metrics that enable us to understand software and test it. Complexity, object-oriented metrics, and other metrics that help us understand the characteristics of our codebase are certainly relevant to software security. Software testing and code coverage metrics are also very relevant.”

“Most exploits are about interactions: interactions between code statements, interactions between data and control flow, interactions between modules, interactions between your codebase and library routines, and interactions between your code and attack surface modules. Being cognizant of paths and subtrees within code is crucial for determining sneak paths, impact analysis, and testing to verify control flow integrity.”

“For many years experts have been saying that software complexity is the worst enemy of security,” says David Belhumeur, McCabe Software’s CEO. “We must always be concerned about the vulnerability of critical software applications, especially when it could affect national security. Failure to uncover complexity, which is the root of vulnerability, could have dire consequences.”

08.02.2008, McCabe Software, Inc.



