Avoiding The Top Ten Software Security Design Flaws

The Silver Bullet


Gary talks with Jim Del Grosso (Cigital), Yoshi Kohno (University of Washington), and Christoph Kern (Google) in a roundtable devoted to the new IEEE Computer Society Center for Secure Design. Participants discuss the Center's origin, why design flaws are more difficult to fix than implementation bugs, design flaws in automobile design, and how the top 10 most common flaws recently published by the Center for Secure Design were compiled.


Watch the landmark 100th Silver Bullet episode, featuring an interview with security experts about the state of software security and its evolution in the past decade, frameworks and code analysis, the forthcoming IEEE Center for Secure Design, mobile security, and more.

Featured Article

A Denial of Service Attack to UMTS Networks: Using SIM-Less Devices
From Transactions on Dependable and Secure Computing
A fundamental security element in cellular networks is the authentication procedure performed by means of the Subscriber Identity Module (SIM) which is required to grant access to network services and, hence, protect the network from unauthorized usage.

We present a new kind of denial-of-service attack based on properly crafted SIM-less devices that, without any kind of authentication and by exploiting some specific features and performance bottlenecks of the UMTS network attachment process, are potentially capable of introducing significant service degradation up to disrupting large sections of the cellular network coverage.
