Bumper patch update proves ineffectiveness of SDLC

Imperva: 16 October, 2009 (Technical Article)
Imperva comments on the latest patch release from Microsoft, which it believes is testimony to a lack of robustness within the Software Development Lifecycle.

With no fewer than 34 security vulnerabilities - eight of them potentially serious - fixed by Microsoft in its latest 'super' Patch Tuesday, this proves we are reaching the limits of the Software Development Life Cycle (SDLC) planning process, says Imperva, the data security specialist.

'Even with the resources that it has, if Microsoft has to issue this many patches for its security updates - breaking the record set back in June - then it's obvious that the Software Development Life Cycle (SDLC), while important, is imperfect,' said Amichai Shulman,

'The fact that Microsoft has broken its own Patch Tuesday record suggests that the software giant has reached the inherent limits of real world software debugging processes,' he added.

According to Shulman, the law of big numbers - when applied to the lines of program code in a major application - gives us a non-zero prediction as to the number of software flaws per 1,000 lines of program code.

What this means, he says, is that no matter how much quality assurance you throw at the SDLC process, there is a limit to the effect you can have on the quality of the software application.

And, he explained, what has happened to Microsoft is likely to start happening to other software vendors, as more complex applications are released.

'The prudent use of an SDLC can improve the quality of software, and the security of the information it's processing,' explained Shulman. 'But the threat landscape is extremely dynamic. Companies must have defensive technologies in place to combat immediate threats that SDLCs simply can't cover.'
   © 2012 ProSecurityZone.com