Prosecution of cybercrimes is becoming more effective, but it still has many challenges. The computer industry has not been idle. The twenty-first century marked the identification of security as critical to the progress of the computer industry. Industry leaders acknowledged that lack of security and the rise of cybercrime would halt the advance of computing. The response was dramatic. Security and dependability became bywords. The entire development process was rethought to build security into all software. The result has been more secure software and the establishment of processes and institutions aimed at making cybercrime difficult or impossible. Securing the software base is a work in progress against an army of intelligent and inspired criminals, but software is becoming more secure.
“Memo from Bill Gates,” January 15, 2002. https://news.microsoft.com/2012/01/11/memo-from-bill-gates/. Accessed September 2016.
The latest version can be downloaded at www.microsoft.com/en-us/download/details.aspx?id=29884. Accessed September 2016.
For an overview of published process guidelines see Noopur Davis, “Secure Software Development Life Cycle Processes,” Department of Homeland Security, Build Security In, Setting a Higher Standard For Software Assurance, July 13, 2013. https://buildsecurityin.us-cert.gov/articles/knowledge/sdlc-process/secure-software-development-life-cycle-processes#tsp. Accessed September 2016.
A bespoke application is written specifically for a given customer. Large enterprises often have bespoke applications that are written in-house or by third parties to address the enterprise’s unique requirements. Sometimes, a bespoke application is a commercial off-the-shelf (COTS) product that has been modified to meet special requirements. Bespoke applications often cause extra expense and security issues because the issues are unique and not identified or mitigated in the industry-wide environment.
For more details about the CVE organization see Common Vulnerabilities and Exposures, “About CVE,” http://cve.mitre.org/about/. Accessed September 2016.
See “ITU-T Recommendations, ITU-T X.1520 (04/2011),” April 20, 2011. www.itu.int/ITU-T/recommendations/rec.aspx?rec=11061. Accessed September 2016.
The details are in the following: Vulnerability Notes Database, “Vulnerability Note VU#21781,” July 29, 2016. www.kb.cert.org/vuls/id/217871. Accessed September 2016. Nightwatch Cybersecurity, “Advisory: Intel Crosswalk SSL Prompt Issue [CVE 2016-5672],” July 29, 2016. wwws.nightwatchcybersecurity.com/2016/07/29/advisory-intel-crosswalk-ssl-prompt-issue/. Accessed September 2016.
National Vulnerability Database. “Vulnerability Summary for CVE-2016-5672,” July 31, 2016. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5672, and “Crosswalk security vulnerability,” https://blogs.intel.com/evangelists/2016/07/28/crosswalk-security-vulnerability/. Accessed September 2016.
Don’t confuse Microsoft Control Flow Guard with network flow control, which addresses network congestion problems. The two are very different.
- What Has the Industry Done?
- Chapter number: Chapter 8