29
• Just looking for the common problems can be incredibly difficult and time-consuming. For instance, even though buffer overflows are a well-understood, straightforward problem, in plenty of instances they’ve remained in heavily audited code for years.
• The commercial world has better analysis tools available. (Clearly, “eyeballs aren’t enough”!)
• Customer pressure is starting to have a big impact on development processes. For example, for the past two years Microsoft has made a dramatic effort toward improving software security throughout the organization.
• Open source can prevail, but needs:
  • Process
  • Security awareness across the board
  • Independent, third-party auditing
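The first bullet's point, that a well-understood bug class like a buffer overflow can sit in reviewed code for years, is easiest to see on a boundary check that reads correctly to a reviewer. The C below is an added illustration and is not code from the slides or from any project they mention; the FIELD_SIZE buffer, the two check functions and the sample input are all constructed for the example. The buggy check is only modelled as a predicate so the program never performs the out-of-bounds write itself.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Fixed-size record buffer: 15 characters plus the NUL terminator (constructed size). */
#define FIELD_SIZE 16

/* The length check as it often appears in code that has been reviewed many times.
 * It reads as "reject anything larger than the buffer", but the NUL terminator
 * written after the copy needs one more byte, so len == FIELD_SIZE passes and
 * dst[FIELD_SIZE] would be written one past the end. This function only models
 * the decision; it does not copy anything. */
int field_len_ok_buggy(size_t len) {
    return len <= FIELD_SIZE;   /* off by one: should be '<' */
}

/* Corrected check: the payload must leave room for the terminator. */
int field_len_ok_fixed(size_t len) {
    return len < FIELD_SIZE;
}

/* Copy src[0..len) into a FIELD_SIZE buffer and NUL-terminate it, using the
 * corrected check. Returns 0 on success, -1 if the input does not fit. */
int copy_field(char dst[FIELD_SIZE], const char *src, size_t len) {
    if (!field_len_ok_fixed(len))
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Enumerate lengths 0..limit and count the ones the buggy check accepts but the
 * corrected check rejects. For any limit >= FIELD_SIZE the answer is exactly 1:
 * the single boundary value that a reader skimming "len <= size" walks past. */
size_t boundary_misses(size_t limit) {
    size_t misses = 0;
    for (size_t len = 0; len <= limit; len++)
        if (field_len_ok_buggy(len) && !field_len_ok_fixed(len))
            misses++;
    return misses;
}

int main(void) {
    char buf[FIELD_SIZE];
    const char *sample = "0123456789abcdef";   /* constructed input, exactly 16 bytes */
    printf("len 15 accepted by fixed copy: %d\n", copy_field(buf, sample, 15) == 0);
    printf("len 16 rejected by fixed copy: %d\n", copy_field(buf, sample, 16) == -1);
    printf("buggy check accepts len 16:    %d\n", field_len_ok_buggy(16));
    printf("boundary misses in 0..64:      %zu\n", boundary_misses(64));
    return 0;
}
```

The point of boundary_misses is that only one input length out of sixty-five distinguishes the two checks, which is why a reviewer reading the code rarely notices and why the slide's call for analysis tools and process matters: a test that exercises exactly the boundary length, or a memory checker run over such a test, catches in seconds what eyeballs missed for years.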