Coding errors in software products provide easy paths of entry for online criminals, who can exploit vulnerabilities to compromise systems or launch additional attacks and malware. As reported in the Cisco 2015 Midyear Security Report, certain types of coding errors consistently appear on lists of most common vulnerabilities. This raises an important question for vendors and security professionals: If the same coding errors are identified year in and year out, why aren’t these errors being mitigated?
Buffer errors, input validation, and resource errors are usually among the most common coding errors exploited by criminals, according to the list of Common Weakness Enumeration (CWE) threat categories. As we explain in the Midyear Security Report, the likely culprit is the lack of sufficient attention paid to security during the product development lifecycle. In many cases, vendors wait until products come to market, and only then resolve vulnerabilities. However, this process should be reversed. Vendors should build security safeguards and conduct vulnerability testing during product development, in order to lessen the chance that criminals can profit – and customers can suffer.
Tags: 2015 midyear security report, Cisco Midyear Security Report, MSR, open source, security
We introduced OpenAppID in early 2014 with the goal of empowering customers and the open source community to control application usage in their network environments. Since then, we have increased our coverage from 1,000 OpenAppID detectors to more than 2,600, and have received valuable feedback from the community on ways to improve the product.
The case for having an open, application-focused detection language and processing module for Snort has attracted the attention of the Internet of Everything (IoE) world. Countless devices out there use the Internet on their own, ranging from a remote IP-based camera to an industrial sensor, and they may include some security features.
With the combination of OpenAppID and Snort we are giving the capability to the open source community to create their own application-based protocols and classifications, which can be used to
Tags: IoE, IPS, open source, OpenAppID, security, Snort, Sourcefire
Lots of excitement and energy continue to surround NFV (Network Function Virtualization), and it is getting even better. During the charged atmosphere at the inaugural NFV Congress in San Jose, we were delighted by more than just technology posturing, including the availability of SDN (Software Defined Networking)/NFV platforms like Cisco’s Virtual Managed Services Solution that enable Deutsche Telekom’s International CloudVPN, and Telstra’s Symphony initiative for Unified On-Demand services.
The focus of the discussions this year shifted from cost cutting towards how NFV
Tags: business transformation, Cisco, data center, epn, esp, evolved programmable network, evolved services platform, Intel, network function virtualization, network functions virtualization, NFV, open source, SDN, Service Provider, software defined network, virtual managed services
Many years ago I found myself talking to venture capitalists about the differences between SaaS, outsourcing, ASPs, MSPs, online applications, etc. Also I noticed that my Stanford students had little understanding of the economics of software, so I developed the idea of seven business models to cover everything in the software business, and remove the buzzwords and replace them with economic models.
In my previous blog post we discussed the first four models; this post will cover Models Five through Seven.
We ended the last blog talking about Model Four being able to provide management of the security, availability, performance and change of the software at nearly 10x less cost.
The question we left with was “how”?
How is it possible to decrease the cost of management without just paying people a fraction of what they made previously?
Tags: business models, CIO, Cloud Computing, isv, on-premise, open source, outsourcing, SaaS
Many years ago I found myself talking to a venture capitalist about the differences between SaaS, outsourcing, ASPs, MSPs, online applications, etc. Also I noticed that my Stanford students had little understanding of the economics of software, so I developed the idea of seven business models to cover everything in the software business, remove the buzzwords and replace them with economic models.
In my previous post, I talked about the Seven Ways to Move to the Cloud. In the second issue (there’s a lot here), I’ll break this into two separate posts, discussing models one through four here, and models five through seven in the next issue publishing on Monday, March 2.
Note the dollar numbers used throughout are intended to be relatively representative.
Tags: business models, CIO, Cloud Computing, on-premise, open source, outsourcing, SaaS