ACM TechNews
September 19, 2005
Dear ACM TechNews Subscriber:
Welcome to the September 19, 2005 edition of ACM TechNews,
providing timely information for IT professionals three times a
week.
ACM's MemberNet newsletter offers the latest information on ACM activities, member benefits, and industry issues.
The ACM Professional Development Centre offers ACM members free access to hundreds of courses and books, and the optional ITPro Collection.
HEADLINES AT A GLANCE:
Hollywood Unites in the Battle to Wipe Out Movie Pirates
Now, Every Keystroke Can Betray You
Google to Put Copyright Laws to the Test
Crave Privacy? New Tech Knocks Out Digital Cameras
American Robots Face Spirited Competition Abroad
Researchers to Help Smart Radios Form Cognitive Networks
Camera Phones Will Be High-Precision Scanners
Internet Oversight Board OKs New Domains
How Does a Technology Improve?
Computer Science Majors Find Jobs Easily
What Would a Grid Domain Name System Look Like?
Silicon Insider: Sweet Music From a Simple Theory
Monitoring, Policing and Trust for Grid-Based Virtual Organizations
The Broadband Explosion: Thinking About a Truly Interactive World
Cyber Pork: DHS Progress Proves Elusive
IT Workers: You Can't Always Guess What They Want
Building SOA Your Way
Packing More Electronics Into Cars
False Protection
- "Hollywood Unites in the Battle to Wipe Out Movie Pirates"
New York Times (09/19/05) P. C5; Halbfinger, David M.
Frustrated with what they view as laziness or reluctance on the part of
consumer electronics and information technologies industries to invest in
anti-piracy technology, the six major Hollywood studios have partnered on a
research laboratory designed to accelerate the development of new
techniques to thwart film pirates. Motion Picture Laboratories (MovieLabs)
will initially investigate methods to disrupt the recording of movies
inside cinemas by camcorders; prevent home and personal digital networks
from being hacked while allowing consumers to send content to multiple TVs
without being overcharged; detect unauthorized content sharing on
peer-to-peer networks; spot and impede illegal file transfers on campus and
business networks; connect senders and receivers of films relayed over the
Internet to geographic and political territories; watchdog the distribution
of movies; and curb license agreement violations. The research "allows us
to develop more ways of getting creative content into the home, to mobile
devices, theaters and so forth, without exposing us to more sources of
theft," says 20th Century Fox co-Chairman James Gianopulos. MovieLabs will
receive over $30 million for its first two years of operation. The
facility is modeled after CableLabs, the cable TV industry innovator. Like
CableLabs, MovieLabs will work to reach industry-wide consensus on how to
tackle problems, develop an approach in collaboration with manufacturers,
concoct industry standards from specifications, and help manufacturers
create and test prototypes.
- "Now, Every Keystroke Can Betray You"
Los Angeles Times (09/18/05) P. A1; Menn, Joseph
Cybercriminals have begun to prey on online banking customers, using
sophisticated software to record individual keystrokes and obtain passwords
and PINs. From June to July, the number of reported phishing
attacks dropped, while the number of programs designed to steal passwords,
known as crimeware, more than doubled. Though many consumers report that
fears of cybercrime will lead them to modify their shopping habits, many
banks encourage the use of online transactions because they entail far less
cost than a visit to a branch. Crimeware can be installed inadvertently by
opening an attachment or an advertising link, after which it can record all
keystrokes or only those made at selected financial sites; the information
is then relayed back to the hackers, who thus far have largely been using
it to access accounts one at a time, though efforts at automating the
process have recently emerged. One particularly malicious program, known
as Grams, cuts out the step of relaying the information to the hacker and
automatically cleans out the account once the information is recorded. In
response, the FDIC has implored banks to investigate new security measures,
though they respond with the fear that too much security could become a
nuisance and cost them customers. As security measures become more
sophisticated, criminals are keeping pace: efforts to have customers
select passwords with a mouse instead of keystrokes have been met with
programs that take a picture of the computer screen to intercept the
mouse clicks. Some banks have even taken to calling customers when
irregular activity is observed on their accounts. Liability remains a
pressing issue, as the FDIC and many banks disagree on the extent to which
consumers are covered in the event that their data are compromised.
- "Google to Put Copyright Laws to the Test"
Associated Press (09/18/05); Jesdanun, Anick
Not all publishers are happy with Google's initiative to digitally scan
massive libraries of books into a searchable Internet archive, out of
concern that their bottom lines could suffer. Google has an arrangement
with most major American and British publishers in which it scans any
titles they submit, presents digital images of selected pages in response
to search queries, and gives publishers a portion of revenues from
accompanying ad displays; but publishers are refusing to submit many
titles. Google launched the Print Library Project to scan obscure,
out-of-print books that publishers have no claim to, while publishers
reserve the right to ban the scanning of any library book whose copyright
they own. The search company believes the project is protected under
copyright law's "fair use" provisions, and lawyer Jonathan Band says the
limitations Google has placed on the display and printing of works scanned
from libraries strengthen Google's argument. Readers can view no more than
five pages of publisher-submitted works at a time, and no more than 20
percent of an entire book via multiple searches; however, works in the
public domain are fully accessible online. Many publishers are worried
that Google's library project will encourage others to set up similar
databases of copyrighted works that could negatively affect their revenues.
Google has put the scanning of copyrighted books on hiatus until Nov. 1 so
that publishers can compile lists of titles they do not want archived.
Text and Academic Authors Association executive director Richard Hull
thinks such a move places an unfair burden on publishers.
- "Crave Privacy? New Tech Knocks Out Digital Cameras"
CNet (09/19/05); Kanellos, Michael
Photographers trying to take unauthorized pictures or video at
presentations and other venues could find themselves thwarted by a system
developed at the Georgia Institute of Technology. The prototype technology
that Shwetak Patel and other Georgia Tech researchers devised can detect a
digital camera from as far away as 33 feet via infrared scanning, and fire
a targeted beam of light at the camera lens, resulting in a blurry image
filled with glare. The device can sense a camera's presence and precisely
localize the distorting beam when the emitted infrared bounces off the
camera's highly retroreflective lens. The neutralizing light beams are
sent out in a pattern that prevents the camera from compensating for the
glare, and are also highly focused to keep distractions to a minimum. The
technology can sense and block multiple cameras and affect cameras with
either CMOS or CCD imagers. The prototype, which uses a digital projector
for the neutralizing light source and a modified video camera, can only
function indoors and cannot spot cameras in close proximity to the detector
and at sharp angles, while filters and fast shutter speeds could also
challenge its effectiveness. Patel thinks replacing the projector with a
laser pointer and a pair of mirrors will make the system less expensive.
The technology was detailed by the Georgia Tech group last week at the
Seventh International Conference on Ubiquitous Computing.
- "American Robots Face Spirited Competition Abroad"
Pittsburgh Post-Gazette (09/19/05); Spice, Byron
A six-member panel led by University of Southern California roboticist
George Bekey summed up a two-year initiative from NASA, the National
Science Foundation, and the National Institutes of Health to assess the
state of robot technology around the world at an NSF workshop last week.
Bekey acknowledged U.S. superiority in surgical, biological, and space
robotics, while Asian robotics programs are yielding superior humanoid and
caregiver machines. Such overseas efforts are characterized by a
coordinated, long-term developmental strategy, which Matt Mason of Carnegie
Mellon University's Robotics Institute said runs counter to the U.S.
research community's culture of independent thought. Asian and European
robotics research is more commercially oriented, while American research has
been chiefly fueled by the military; Bekey noted, however, that NASA and
the Defense Advanced Research Projects Agency have scaled back R&D spending
in recent years. He said major companies have avoided robotic technology
investment out of concern for short-term returns, in contrast to the long
view held by Asian firms. Bekey also pointed to the underfunding of U.S.
startup firms stemming from the desire for faster profits. Mason cited the
commercial applications of speech recognition and motion planning and
simulation technology as examples of robotic technologies' "spectacular
success," and argued that the panel's evaluation of the worldwide robotics
field is too narrowly focused. The NSF workshop featured demonstrations of
robots developed by U.S. groups, such as the six-legged RHex and the RiSE
climbing machine.
- "Researchers to Help Smart Radios Form Cognitive Networks"
Virginia Tech News (09/19/05)
The National Science Foundation has awarded Virginia Tech's Center for
Wireless Telecommunications (CWT) a three-year grant to further its
cognitive radio effort to the point where the radios can share a
distributed knowledge base for individual and collective reasoning and
learning. The grant comes under the aegis of the NSF's NetS Programmable
Wireless Information Networks Program. CWT director and electrical and
computer engineering professor Charles Bostian describes cognitive radios
as "similar to living creatures in that they are aware of their
surroundings and understand their own and their user's capabilities and the
governing social constraints." He says the first step is to train the
radios to form into networks by seeking others of their own kind and
recognizing their environment, and then teach the different cognitive
radios to interact. The first large-scale tests of cognition will be
carried out by the CWT team in a wireless network setting, and are expected
to determine whether cognitive methods can permit "Wi-Fi like" services in
previously unusable TV spectrums, among other things. Bostian says the
experiments will involve fully implementing a cognitive engine in any
wireless network, deploying cognitive engines within the GNU radio, and
practically evaluating cognitive wireless networks' advantages in terms of
performance.
- "Camera Phones Will Be High-Precision Scanners"
New Scientist (09/14/05); Graham-Rowe, Duncan
Camera phones can capture and digitize small amounts of text from printed
documents using limited optical character recognition software, but new
software from NEC and the Nara Institute of Science and Technology (NAIST)
in Japan can allow whole documents to be captured by stitching together
dozens of still images of the page being scanned. The software can also
correct distortions caused by the page's curvature. "The goal of our
research is to enable mobile phones to be used as portable faxes or
scanners that can be used any time," NEC says. Andrew Yates, intellectual
property advisor to England's Periodical Publishers Association, is
concerned the new software will provoke howls of protest from publishers by
enabling users to copy documents without purchasing them. NEC claims the
software is designed to avoid copyright conflicts by triggering an alarm
when it is used. Both NEC and NAIST say commercialization of the software
is three years away.
- "Internet Oversight Board OKs New Domains"
Associated Press (09/16/05); Jesdanun, Anick
ICANN has approved the ".cat" Web domain for people and organizations
promoting the Catalan language and culture. Also in a recent
teleconference, the ICANN board once again delayed its decision on whether
to approve the much more controversial ".xxx" domain for Web sites with
adult or pornographic content. The ICANN board's request for changes to a
contract with proposed .xxx manager ICM Registry marks the second time in
as many months that the organization has deferred its ruling on the domain.
Conservative groups and some pornography Web site managers have expressed
opposition to the creation of a separate domain for adult sites. While
supporters say the domain would make the porn industry comply with
anti-spamming and other rules, critics charge that the domain would
legitimize pornographic material on the Internet and make it more
accessible. Some porn sites have also argued that the domain could pave
the way for censorship and more government control of adult content on the
Web. In addition to the decisions regarding the ".cat" and ".xxx" domains,
the ICANN board was also supposed to consider approving a proposed ".asia"
domain, but no action was taken on the matter.
- "How Does a Technology Improve?"
Knowledge@Emory (09/21/05)
Some researchers are challenging the long-established S-curve theory that
holds that successful technologies begin their life cycles less effectively
than the competition, but eventually intersect with them before eclipsing
them entirely; at that point, the theory holds that the technology has
matured and has little room for further improvement. The notion that
managers should then abandon the technology in favor of something new is
faulty, according to Ashish Sood, an assistant professor of marketing at
Emory University. Sood contends that S-curve theory has become so
entrenched that few people even question it, despite the absence of any
solid evidence supporting it. Sood and fellow researcher Gerard Tellis, a
professor of marketing at the University of Southern California, collected
information on the development of 23 individual technologies and found that
between 80 percent and 90 percent did not follow the S-curve; many new
technologies initially outperformed the competition, while some older
technologies continued to improve even after they reached the point of
maturity. Technologies such as optical and magnetic memory bucked the
trend, and followed an irregular pattern of alternating popularity. Sood
and Tellis write that "using the S-curve to predict the performance of a
technology is quite risky and may be misleading." Many existing
technologies could improve if managers abandon the S-curve theory and
reevaluate the way they apportion research funding. Many of his colleagues
have been resistant to Sood's findings, however, arguing that he is not
replacing the theory with anything measurable; Sood counters that
technology is inherently unpredictable, and the simple fact that a
technology has supposedly matured is not a legitimate reason to abandon its
further development.
- "Computer Science Majors Find Jobs Easily"
El Paso Times (TX) (09/16/05); Flynn, Ken
College students in the El Paso-Las Cruces area came out for a free seminar
involving IBM executives to learn more about the opportunities available to
them in pursuing a career in information technology. "Hundreds of
thousands of high-tech jobs in the United States go unfulfilled because of
the lack of qualified computer science graduates," said IBM's Mark Hanny.
Hanny participated in the seminar at the University of Texas El Paso, along
with Irene Hernandez Roberts of Austin IBM, as part of a series to get
Hispanics and women more interested in the IT industry. Ann Gates,
director of the UTEP Computer Science Department, said too many students
believe the computer science field is for geeks who enjoy sitting alone in
front of a computer all day. "Computer science majors are all over the
world, as well as in the local business community, coming up with
innovative ideas and applying them to solve problems," she said. UTEP
launched a computer science doctoral program this fall, but Gates said the
number of computer science majors has reached a 10-year low because of the
poor image people have of tech jobs.
- "What Would a Grid Domain Name System Look Like?"
InfoWorld (09/14/05); Nawrocki, Greg
The Corporation for National Research Initiatives (CNRI) is developing a
handle system for grids that would provide attribute services and function
as an infrastructure and root service. Based on a domain name system
model, the handle system would globally resolve resource names. Because
users manage their own bindings, access rights are administered at the
individual level. A centralized root system is especially important in
light of the development of extra-grids, where distributed policy mandates
and resource discovery questions are especially pertinent. David Holtzman,
the former CTO of Network Solutions, believes a grid handle system is the
next phase of the grid's natural development as the number of domain names
continues to swell exponentially. "Having the inventory of resources
consolidated in a central broker seems like a logical step to solving the
issues," says Holtzman. In addition, he emphasizes the importance of
approaching the grid at the framework level, rather than by addressing each of
its individual components. The handle system also empowers low-level
management to employ the technology without having to arrive at an
organization-wide consensus. The handle system project aims to incorporate
a Web services interface to augment conventional interfaces, such as SAML
attribute and XKMS queries, as well as basic name/value resolutions.
- "Silicon Insider: Sweet Music From a Simple Theory"
ABC News (09/15/05); Malone, Michael S.
Scientist and entrepreneur Stephen Wolfram postulates that incredibly
complex structures can be randomly generated from very simple items and
equally simple rules when they are run innumerable times on a computer.
This theory, based on the field of cellular automata, underlies what
Wolfram identified as a previously hidden order to the universe in his
book, "A New Kind of Science." Although his theory has caused barely a
ripple in the scientific world, Wolfram has applied it to a random music
generator, WolframTones. A person accesses the WolframTones Web page, and
chooses a style of music. The user can also adjust the music's pitch, the
instrument selection, and the time signature. The computer then
automatically generates musical notes using a small number of simple rules,
which work in conjunction with segments of mosaic pyramids Wolfram created
by cellular automata. The resulting tunes are random yet structured at the
same time. Wolfram hopes WolframTones will fuel interest in his theory.
- "Monitoring, Policing and Trust for Grid-Based Virtual Organizations"
University of Southampton (ECS) (09/15/05); Patel, Jigar; Teacy, W.T. Luke; Jennings, Nicholas R.
Developing an infrastructure that enables the automatic creation and
management of an agile and resilient virtual organization (VO) in a grid
environment is the goal of the Grid-enabled Constraint-Oriented Negotiation
in an Open Information Services Environment (CONOISE-G) project. The
effort is designed to supply mechanisms to guarantee the effective function
of agent-based VOs in open, dynamic, and competitive settings inhabited by
disruptive and potentially malign entities. In the researchers'
implemented system prototype, VO formation is founded on the core
technologies of agent decision-making, auctions for contract allocations,
and service discovery that incorporates quality of service (QoS)
evaluation. Ensuring that the VO can encourage good interactions and
effectively deal with bad ones involves the monitoring of QoS levels, the
minimization of uncertainty in participant behavior, and the setup of
mechanisms for identifying and addressing breaches in contract once they
have occurred. CONOISE-G uses a trust and reputation model for agent-based
VOs (TRAVOS) that provides a trust metric representing the level of trust
in an agent; it also mirrors an individual's confidence in its level of
trust for another agent, and does not automatically accept the opinions of
others as accurate or experientially based. This last function is
facilitated by an exogenous solution in which a reputation provider is
assessed according to the perceived accuracy of its past opinions.
CONOISE-G's QoS monitoring component assigns the QoS Consultant the task of
recording and amassing QoS data, monitoring QoS levels, and notifying the
VO Manager of any anticipated declines in QoS. The third central element
of CONOISE-G is a policing system designed to respond to reported
exceptional circumstances, and based on computational models of legal
reasoning and argumentation.
- "The Broadband Explosion: Thinking About a Truly Interactive World"
HBS Working Knowledge (09/05); Grant, Sara
Although the long-anticipated promise that technology will be able to
replicate face-to-face human interaction has thus far been elusive, the
emergence of broadband figures to make that dream a reality, according to
professors Robert Austin and Stephen Bradley in their new book, "The
Broadband Explosion." Interactive media and communication tools abound,
though none have been able to simulate the real-time interaction of
personal contact. As broadband consolidates its hold on the future of
communications, there is considerable debate about what, if any, role
government and other regulatory bodies should play in its development: The
United States has taken a laissez faire approach to broadband development
that encourages competition but leaves the specifics to be determined by
the forces of the market, while some foreign governments are playing a more
active role in creating broadband infrastructure. This has some concerned
that the United States will fall behind, as it does not rank in the top 10
in the measure of broadband deployment. Once broadband reaches a certain
speed that can be obtained consistently and easily, the business model will
have to change to find new measures of value. Just as no one could have
predicted the sweeping impact of computers in the early years of their
development, broadband is likely to usher in a host of unforeseen
applications as the technology matures. As broadband begins to bring
interaction closer to real time, innovation is likely to be one of the
prime beneficiaries, as it will foster the sharing of ideas in a
collaborative environment. It is also possible that communication will be
able to take on a human dimension, as factors such as emotion creep into
broadband-enabled interactions.
- "Cyber Pork: DHS Progress Proves Elusive"
eWeek (09/12/05) Vol. 22, No. 36, P. 24; Carlson, Caron; Roberts, Paul F.
None of the Department of Homeland Security's stated cybersecurity
responsibilities have been addressed by its Information Analysis and
Infrastructure Protection (IAIP) Directorate, according to the Government
Accountability Office, despite a 2004-2005 budget of nearly $2 billion.
Reasons cited for this lack of progress include organizational instability,
a political de-emphasis on cybersecurity funding, unwieldy procurement and
hiring procedures, and uncertainty among potential private-sector partners
that they will benefit. In addition, the DHS is susceptible to the
influence of legislators whose agendas are often shaped by special
interests; for example, SANS Institute director Alan Paller says the DHS
has been dissuaded from pressuring software vendors to improve the security
of their products largely thanks to the lobbying efforts of ISPs and
software providers. A restructuring announced by DHS Secretary Michael
Chertoff in July includes the dissolution of the IAIP Directorate and the
creation of an assistant secretary for cybersecurity and
telecommunications, who has yet to be appointed. Nevertheless, some people
say the DHS has performed admirably, given the challenges it faces.
Chairman of U.S.-CERT Howard Schmidt lauds the agency for facilitating
dialogue with information sharing and analysis centers and private-sector
industry groups, while Savvis Communications chief security officer Bill
Hancock cites DHS' effectiveness in cultivating engagement between
different government agencies. Andy Purdy, acting director of the National
Cyber Security Division (NCSD), reports that his division has made progress
in the construction of a National Cyberspace Security Response System and
the deployment of a cyber-risk management program for critical
infrastructure. Yet he admits there are few readily available,
quantifiable results in terms of cybersecurity progress.
- "IT Workers: You Can't Always Guess What They Want"
Computerworld (09/12/05) P. 52; Horowitz, Alan S.
Fulfilling IT staffers' needs is the secret to high productivity and low
turnover, but there is often a disconnect between what IT managers think
workers want and what they actually want. This is critical in view of the
apparent resurgence of turnover as a result of retiring baby boomers, a
decline in computer science majors graduating from U.S. universities, and
more overseas opportunities that encourage foreign-born IT talent to stay
at home. Many experts say it is folly to assume that money is the chief
desire of IT employees: More important to workers is the feeling that they
are making a meaningful contribution to the company, a feeling reinforced
by recognition and appreciation for their efforts. Other documented wants
of IT professionals include job security; access to new technologies;
reasonable and less stressful work schedules; and more appreciation from
business customers. Managers have a responsibility to ensure that IT's
contributions are esteemed and to relay such recognition to employees.
Humana CTO Brian LeClaire places IT workers in several distinct categories
in terms of motivation: Some employees enjoy their usually
technology-centric work as it is and wish to continue in that vein, while
some prefer new challenges and projects. Still others want to advance
their careers and move into management, a common desire among increasing
numbers of IT workers. The best strategy for determining what IT workers
want is simply to ask them. Such needs can be extracted through
performance reviews, formal surveys, "town hall" meetings, and other
programs.
- "Building SOA Your Way"
InfoWorld (09/12/05) Vol. 27, No. 37, P. 20; Udell, Jon
A service-oriented architecture (SOA) must boast scalability for future
demands while simultaneously meeting immediate business needs, a deft
balancing act given the maze of Web services standards, collectively known
as the WS-* stack, that architects and developers must negotiate. A
unifying conceptual framework is needed in order to make the Web services
stack more manageable. RouteOne technology director T.N. Subramaniam
thinks the Java Business Integration initiative could provide such an
infrastructure, while Furrukh Khan with Ohio State University Medical
Center sees Microsoft's Indigo suite of Web service protocols as a toolkit
for subduing the complexity of the WS-* stack. OASIS CEO Patrick Gannon
cites blueprints and reference models published by his standards body
designed to show architects how the numerous WS-* specifications integrate
to address particular problems. Architects and developers who do not
require advanced WS-* features at the moment typically concentrate on
fundamental standards such as SOAP and WSDL, because toolkits and frameworks
can entail proprietary abstraction lock-in even when wire protocols are
standard and open. Ultimately, enterprises must decide for themselves what
WS-* specs are appropriate.
- "Packing More Electronics Into Cars"
NE Asia Online (09/05); Kariatsumari, Koji
Car manufacturers are accelerating their efforts to enhance vehicles with
new electronics to accommodate environmental regulations, safety standards,
and comfort issues. Legislation and political pressure in the United
States and elsewhere to reduce CO2 emissions will likely increase the
appeal of fuel-efficient hybrids and electric cars among consumers, forcing
manufacturers to position themselves for widespread adoption. Electricity
storage systems used in such vehicles are likely to be a source of major
activity by the end of the decade as Li-ion rechargeable batteries,
electrical double-layer capacitors, and other products join NiMH
rechargeable batteries; however, cost represents the biggest obstacle to
the adoption of these various technologies. Automobile makers are starting
to develop safety enhancement systems for high-end vehicles that use
cameras and radar to monitor road conditions and avoid accidents, while
systems geared toward preserving vehicle stability are being
commercialized. Transferring this technology to lower-priced vehicles is a
major issue, and central to this problem is how sensor costs can be
sufficiently lowered. A major escalation in software development is
expected, but CATS Co.'s Masahiko Watanabe warns that traditional
development techniques will have limited application. "Once the
development of software design to prevent accidents and heighten safety
through autonomous control gets rolling, the amount of simulation time
required for verification will be staggering, and it will be extremely
difficult to fulfill the requirements," he notes. Static verification is
one possible solution.
- "False Protection"
Software Development (09/05) Vol. 13, No. 9, P. 34; O'Connell, Laurie
The software designed to bolster enterprise systems against malware and
other cyberthreats has itself become a ripe target for hackers, and
analysts such as Cigital CTO and author Gary McGraw say security software
providers' failure to be software security practitioners is chiefly to
blame. "Vendors have to engineer security into the development application
lifecycle, get developers to have core responsibility, and give them the
tools to do it," says Yankee Group analyst Andrew Jaquith. He suggests
that security software developers perform design reviews early and
regularly; run nightly regression tests and frequent code base reviews;
maintain focus on privilege levels and authorization management; study
component authentication; unearth buffer overflows; and conduct checkpoint
reviews with security-savvy personnel. Jaquith also recommends that
developers test for functions the application is not supposed to carry out.
Furthermore, he advises developers to base their choice of vendor or
software security system on hard evidence of best practices and an
exhaustive technique for spotting and fixing problems encountered by staff,
clients, or third parties. Another way to boost security is to fortify the
patching infrastructure and analyze security products' auto-update
components. An organization's general security can also be shored up by
deploying a diverse assortment of anti-virus products from multiple
vendors, as well as multisourced solutions from varying code bases.
© Copyright 2005 Information, Inc.
© 2005 ACM, Inc. All rights reserved.