Posted by: Troy Tate
Go ahead and report why your system crashed – send Microsoft the exploit code you are working on. As most Windows users know, you can send Microsoft details about what caused a system crash. In some cases hackers respond yes, and their exploit code is sent to Microsoft, according to a recent presentation at Microsoft Tech.Ed 2010.
I find this article humorous but at the same time frustrating with the comment about current threats:
… the top hacking methods of cross-site scripting and SQL injection had not changed in the past six years.
“One, it tells me that the bad guys go with what they know, and two, it says the developers aren’t listening”
How should this message be delivered to developers? Why are these threats still showing up in the top 5? If you are a developer or a CISO, let me and other ITKE readers know how you handle these security issues. Thanks for reading and let’s continue to be good network citizens.