Avoiding The Top Ten Software Security Design Flaws

The Silver Bullet

silverbulletlogo-235x140

Gary talks with Jim Del Grosso (Cigital), Yoshi Kohno (University of Washington), and Christoph Kern (Google) in a roundtable devoted to the new IEEE Computer Society Center for Secure Design. Participants discuss the Center's origin, why design flaws are more difficult to fix than implementation bugs, design flaws in automobile design, and how the top 10 most common flaws recently published by the Center for Secure Design were compiled.
Listen now

Hear more interviews with security experts

SilverBulletEpisode100StillFrame

Watch the landmark 100th Silver Bullet episode, featuring an interview with security experts about the state of software security and its evolution in the past decade, frameworks and code analysis, the forthcoming IEEE Center for Secure Design, mobile security, and more.

What's New

Dr. Greg Shannon Named Chair of the IEEE Cybersecurity Initiative.

Pulling Back the Curtain on Software Development
Join (ISC)2 and Jim DelGrosso Nov. 21, 1 pm for insight in the early and middle stages of the software development lifecycle process.

IEEE Cybersecurity Initiative:
Call for Contributions
Building Code for Medical Device Software Security

News Briefs
The latest security and privacy news.
Read more »

Featured Article

A Denial of Service Attack to UMTS Networks: Using SIM-Less Devices from Transactions on Dependable and Secure Computing
A fundamental security element in cellular networks is the authentication procedure performed by means of the Subscriber Identity Module (SIM) which is required to grant access to network services and, hence, protect the network from unauthorized usage.

We present a new kind of denial-of-service attack based on properly crafted SIM-less devices that, without any kind of authentication and by exploiting some specific features and performance bottlenecks of the UMTS network attachment process, are potentially capable of introducing significant service degradation up to disrupting large sections of the cellular network coverage.

Read more (pdf) »