
oneputts

macrumors newbie
Original poster
Nov 27, 2003
3
0
Sweden
Is there a way of measuring the security level, absolute or relative, for software in general and an OS specifically? For the latter, is there a basic difference in this respect for Mac OS, Windows OS..., Linux OS, etc.? I want to learn how to measure and record the security level for example before and after patching. Also the patch itself is of interest. - Is there any research going on addressing measuring of SW security?

Lennart Damm
Mobile Internet Security Analysis & Synthesis
OnePuttSolutions.com
 
I'm not quite sure what you mean. Are you talking about software being vulnerable to hacking? As in being used as a 'backdoor' to your machine?
 
Re: How to measure security of SW?

Originally posted by oneputts
Is there a way of measuring the security level, absolute or relative, for software in general and an OS specifically? For the latter, is there a basic difference in this respect for Mac OS, Windows OS..., Linux OS, etc.? I want to learn how to measure and record the security level for example before and after patching. Also the patch itself is of interest. - Is there any research going on addressing measuring of SW security?

Lennart Damm
Mobile Internet Security Analysis & Synthesis
OnePuttSolutions.com

The main problem is that security holes (the hard ones anyway) are typically "the place we didn't think of", and anything designed to test security will only test the ways the designer can think of.
 
SW security

Originally posted by cb911
I'm not quite sure what you mean. Are you talking about software being vulnerable to hacking? As in being used as a 'backdoor' to your machine?

Yes, but that's only the tip of the iceberg. All SW and data (video, pictures, music) installed or loaded down/up is a potential security risk for an Internet-based system. It does not have to be a hacker doing this, in fact it is the exception. We are talking planning, design,..., operation processes here. And - how do we measure the increase or decrease of security in a system or computer?

A trivial example, a well-known issue: Avoid (some/all) buffer overflow (attack or user mishap or bug) by using best practice non-pointer SW design methods.
 
Re: Re: How to measure security of SW?

Originally posted by Catfish_Man
The main problem is that security holes (the hard ones anyway) are typically "the place we didn't think of", and anything designed to test security will only test the ways the designer can think of.

This is one key issue. How do we test security? Or security level? This should be addressed already on the idea stage of product development.

The other key issue here is that any upgrade/update avoided is an improvement of security, no matter what system we talk about. Each needed upgrade must be handled as a "new product" when it comes to security.
 