Home > Blogs > Gary McGraw Does IT Again

Good books by Gary McGraw predict today's security issues again.

DNS has big flaws in the fundamental design!  That explains all the patch notices you've seen for many, many technologies dependent on DNS.  While we must wait until August for the details, this is a big issue with a technology many thought fundamentally debugged.

I've been reading and enjoying Building Secure Software.  McGraw's book rises above today's technologies and their vulnerabilities to predict trends and core issues with any IT technology.  Chapter 4's brilliant dissertation on Open versus Closed Source security, and their fallacies, nicely anticipates today's DNS articles.  In short, if numbers of eyes reviewing a technology ensures security (beyond what closed source can offer) then problems with wu-ftpd and bind and DNS itself would be unheard of.

Secure architecture and coding is incredibly difficult to do.  Even relatively stable technologies, like DNS, can one day be found to have security issues in the core design.  Many, many people reviewed wuftpd's source for years, me included, but who saw the file globbing errors that plagued it in year 2000?

If you want an experienced, insightful view into the winning and losing strategies to secure coding, pluck the pennies from your furniture cushions, break into the change piggy bank you keep from your family, do whatever it takes to order the three book set.  In return, you'll get a clear view of universal factors that help anticipate current and future security issues.

jTraenkenschuh, CISSP-ISSAP

Comments

comments powered by Disqus