How to measure security of SW?

Discussion in 'Mac Apps and Mac App Store' started by oneputts, Nov 27, 2003.

  1. oneputts macrumors newbie

    Joined:
    Nov 27, 2003
    Location:
    Sweden
    #1
    Is there a way of measuring the security level, absolute or relative, for software in general and an OS specifically? For the latter, is there a basic difference in this respect for Mac OS, Windows OS..., Linux OS, etc.? I want to learn how to measure and record the security level for example before and after patching. Also the patch itself is of interest. - Is there any research going on addressing measuring of SW security?

    Lennart Damm
    Mobile Internet Security Analysis & Synthesis
    OnePuttSolutions.com
     
  2. cb911 macrumors 601

    cb911

    Joined:
    Mar 12, 2002
    Location:
    BrisVegas, Australia
    #2
    i'm not quite sure what you mean. are you talking about software being vulnerable to hacking? as in being used as a 'backdoor' to your machine?
     
  3. Catfish_Man macrumors 68030

    Catfish_Man

    Joined:
    Sep 13, 2001
    Location:
    Portland, OR
    #3
    Re: How to measure security of SW?

    The main problem is that security holes (the hard ones anyway) are typically "the place we didn't think of", and anything designed to test security will only test the ways the designer can think of.
     
  4. oneputts thread starter macrumors newbie

    Joined:
    Nov 27, 2003
    Location:
    Sweden
    #4
    SW security

    Yes, but that´s only the tip of the iceberg. All SW and data (video, pictures, music) installed or loaded down/up is a potential security risk for an Internet based system. It does not have to be a hacker doing this, in fact it is the exception. We are talking planning, design,..., operation processes here. And - how do we measure the increase or decrease of security in a system or computer?

    A trivial example, a well-konwn issue: Avoid (some/all) buffer overflow (attack or user mishap or bug) by using best practice non-pointer SW design methods.
     
  5. oneputts thread starter macrumors newbie

    Joined:
    Nov 27, 2003
    Location:
    Sweden
    #5
    Re: Re: How to measure security of SW?

    This is one key issue. How do we test security? Or security level? This should be addressed already on the idea stage of product development.

    The other key issue here is that any upgrade/update avoided is an improvement of security, no matter what system we talk about. Each needed upgrade must be handled as a "new product" when it comes to security.
     

Share This Page