We recently sat down with Dan Guido, CEO and Co-Founder of Trail of Bits at SOURCE Boston 2012, to get his views on topics related to application security. In the first of a three part segment, Dan's commentary focuses on vulnerabilities in general. You can watch the interview here.


We've also included a short recap of highlights of the interview in this post.

How can organizations better communicate around vulnerabilities?

Dan details the behavioral problem that exists in most organizations today when vulnerabilities are found in software. He notes that organizations are very concerned about individual vulnerabilities but much less concerned with the reasons why those vulnerabilities exist. Dan argues that mitigation efforts should be focused on classes of vulnerabilities, not on the individual vulnerabilities that are found.

Which vulnerabilities matter most on the web?
Dan talks about the disparity between the vulnerabilities that the security industry focuses on and the vulnerabilities that hackers actually care about. He goes on to say that the vulnerabilities that matter most on the web are the ones that gain the hacker a shell on a server, such as SQL Injection or remote command execution.

Should different businesses focus on different vulnerabilities?
Dan focuses on the vulnerabilities organizations should care about, depending on the type of business model they use. For instance, a service provider whose customers have individual user accounts, or a social networking website like Facebook, should care about Cross-site Scripting (XSS). On the other hand, SQL Injection attacks have increased in frequency and should be on every organization's watch list.

Stay tuned for more sessions with Dan Guido which we will be showcasing next week on our blog.

About Niru Raghavan

Niru Raghavan joined the Veracode team in late 2011 as an Acquisition Marketing Manager. In this role, Niru is responsible for demand generation and program management primarily for online marketing programs. Prior to joining Veracode, Niru held positions of increasing responsibility at Liberty Mutual and Staples, successfully planning and implementing sophisticated online and offline marketing initiatives. She has managed product development efforts, launch activities and online marketing programs geared toward mid to large sized businesses in select vertical markets. Her specialties include product marketing, marketing strategy, and market research/analysis. She is also a keen web analytics enthusiast and Occam’s Razor by Avinash Kaushik is her all time favorite blog.
