Security

Vol. 5 No. 1 – February 2007

Security

The Silent Security Epidemic

Developers are challenged by attacks that target certain types of applications.

Although the industry is generally getting better with dealing with routine types of security attacks, developers are today being challenged by more complex attacks that not only flow below the radar, but also specifically target certain types of applications. In this Queuecast edition, Ryan Sherstobitoff, CTO of Panda Software describes what new types of sophisticated attacks are being created and what proactive steps developers need to take to protect their applications.

One Step Ahead

Security vulnerabilities abound, but a few simple steps can minimize your risk.

Every day IT departments are involved in an ongoing struggle against hackers trying to break into corporate networks. A break-in can carry a hefty price: loss of valuable information, tarnishing of the corporate image and brand, service interruption, and hundreds of resource hours of recovery time. Unlike other aspects of information technology, security is adversarial. It pits IT departments against hackers.

by Vlad Gorelik

The Power of IP Protection and Software Licensing

Software Digital Rights Management solutions are the de-facto standard today for protecting IP.

Intellectual Property (IP) - which ranges from ideas, inventions, technologies, and patented, trademarked or copyrighted work and products - can account for as much as 80% of a software company's total market value. Since IP is considered a financial asset in today's business climate, the threats to IP create a real concern. In an interview with ACM Queuecast host Michael Vizard, Aladdin vice president Gregg Gronowski explains how Software Digital Rights Management solutions are the de-facto standard today for protecting software IP, preventing software piracy, and enabling software licensing and compliance.

DOA with SOA

Adopting this architectural style is no cure-all.

It looks like today is finally the day that we all knew was coming. It was only a matter of time. An ambulance has just pulled up to haul away Marty the Software Manager after his boss pummeled him for failing to deliver on promises of money savings, improved software reuse, and reduced time to market that had been virtually guaranteed merely by adopting SOA (service-oriented architecture). Everything could have been so different for Marty. If only there had been a red-hot market for a software application that fetched the price of London gold, converted the price from pounds to dollars, calculated the shipping costs for the desired quantity, and then returned a random verse from the King James Bible. As opposed to the currently unfolding scenario involving an ambulance, Marty's mental vision was one of a Brinks truck speeding to the scene to empty coffers buckling under the strain of overflowing cash.

by Alex Bell

Five Steps to a Better Vista Installation - Transcript

Unravel the mysteries and learn the best practices associated with mastering the new application installation routines for Vista applications. In this Premium Queuecast hosted by Michael Vizard, Bob Corrigan, senior manager for global product marketing at Macrovision, and Robert Dickau, principal trainer, reveal the five most crucial things you need to know about Vista application installations.

Joining me today is Bob Corrigan, Senior Manager for Global Product Marketing at Macrovision; and Robert Dickau, Principal Trainer for Macrovision. Today's topic is Vista, and the installation routines around Vista and the opportunities that bring developers.

Software Operations' Profit Potential

Today's software producer faces many challenges in building and keeping a satisfied customer base. In this ACM Premium Queuecast, Macrovision FLEXnet Publisher Product Manager Mitesh Pancholy discusses how companies can solve their license management challenges and turn their software operations into a profit center.

Joining me today is Mitesh Pancholy, Product Manager for Macrovision, and Abby Domini, also with Macrovision. We're going to talk about license management today.

Reporting for Duty

All too often the reporting tools that developers select for their applications are a little more than an afterthought. In this Premium ACM Queuecast, Vice President of Product Management for Actuate, Paul Clenahan, explains why it's in the interest of developer to select richer sets of reporting tools and how these tools more readily accessible though the Eclipse Foundation's BIRT project, spearheaded by Actuate.

Joining me today is Paul Clenahan, Vice President of Product Management at Actuate, and a member of the BIRT Project Management Committee, who's here to discuss future trends in reporting tools.

A Conversation with Jamie Butler

Rootkitting out all evil

Rootkit technology hit center stage in 2005 when analysts discovered that Sony BMG surreptitiously installed a rootkit as part of its DRM (digital rights management) solution. Although that debacle increased general awareness of rootkits, the technology remains the scourge of the software industry through its ability to hide processes and files from detection by system analysis and anti-malware tools.

A Behavioral Approach to Security

Analyzing the behavior of suspicious code

The CTO of Finjan, Yuval Ben-Itzhak, makes a strong case for a new approach to security that relies more on analyzing the behavior of suspicious code than signatures that have to developed after the attacks have already started.

Open vs. Closed: Which Source is More Secure?

Which source is more secure?

There is no better way to start an argument among a group of developers than proclaiming Operating System A to be "more secure" than Operating System B. I know this from first-hand experience, as previous papers I have published on this topic have led to reams of heated e-mails directed at meincluding some that were, quite literally, physically threatening. Despite the heat (not light!) generated from attempting to investigate the relative security of different software projects, investigate we must.

by Richard Ford

Custom Processing

Today general-purpose processors from Intel and AMD dominate the landscape, but advances in processor designs such as the cell processor architecture overseen by IBM chief scientist Peter Hofstee promise to bring the costs of specialized system on a chip platforms in line with cost associated with general purpose computing platforms, and that just may change the art of system design forever.

Today we're going to talk about system on a chip and some of the design issues that go with that, and more importantly, some of the newer trends, such as the work that IBM is doing around the cell processor to advance the whole system on a chip processor. To that end, we've invited Peter Hofstee, Chief Scientist for the cell processor project that is being funded by IBM, Toshiba, and Sony, to talk to us today about how the whole system on a chip marketplace might change in the advent of the invention of the cell processor, and what technology is driving that.

Realtime Garbage Collection

It's now possible to develop realtime systems using Java.

Traditional computer science deals with the computation of correct results. Realtime systems interact with the physical world, so they have a second correctness criterion: they have to compute the correct result within a bounded amount of time. Simply building functionally correct software is hard enough. When timing is added to the requirements, the cost and complexity of building the software increase enormously.

by David F. Bacon

Intellectual Property and Software Piracy: The Power of IP Protection and Software Licensing, an interview with Aladdin vice president Gregg Gronowski

The Power of IP Protection and Software Licensing, an interview with Aladdin vice president Gregg Gronowski

We're here today to talk about intellectual property and the whole issue of software piracy and our friends at Aladdin are considered one of the de facto standards today for protecting software IP, preventing software piracy, and enabling software licensing and compliance. So joining us today to discuss that topic is Aladdin Vice President, Greg Gronowski.

A License to Kode

Code-scanning software is expensive and I'm not sure it's worth it. What do you think?

While it's sometimes tempting to blame the coders, the seeds of many problems are sown well before any lines of code (dodgy as they may be) have been written. Everything from the choice of tools to the choice of a software license can affect the quality, usability, and commercial potential of a product. This month Kode Vicious takes a step away from coding technique and addresses some of these tough decisions with which developers must grapple.

by George Neville-Neil