Measuring the Effectiveness of Application Security Policies

It's easy for software vendors to insist that their products are safe, simply by pointing to the small number of vulnerabilities detected. But, as David Chisnall notes, statistics lie: just because a package has few REPORTED vulnerabilities, that doesn't mean that it actually HAS few vulnerabilities, and the count says nothing about the severity of the holes that are reported. In this article Chisnall argues that the true measure of security is what happens once a vulnerability is found.

Choosing the Right Measure

There have been a lot of reports in the news recently about the relative security of different platforms. For the most part, the press uses completely uninformative measures, such as the number of vulnerabilities found in a given time period—a measure orthogonal to the number of vulnerabilities that remain undiscovered. If 10 vulnerabilities are found in one program and 20 in another, this doesn’t tell you anything about how many remain in either.

The important question is not how many vulnerabilities are found, but what happens when one is discovered. It has been said that security is a process, not a state, but it’s also an attitude.