<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="http://blogs.msdn.com/utility/FeedStylesheets/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/"><channel><title>Software Applications, the targets of vulnerabilities</title><link>http://blogs.msdn.com/tom/archive/2008/07/17/software-applications-the-targets-of-vulnerabilities.aspx</link><description>I was just reading Soma’s blog post How vulnerable are software applications? and it really makes you think about how and what you create as an application designer.&amp;#160; According to a 2005 FBI survey, U.S. businesses lost $67.2 billion because of cyber</description><dc:language>en-US</dc:language><generator>CommunityServer 2.1 SP1 (Build: 61025.2)</generator><item><title>Pregnant Man &amp;raquo; Software Applications, the targets of vulnerabilities</title><link>http://blogs.msdn.com/tom/archive/2008/07/17/software-applications-the-targets-of-vulnerabilities.aspx#8743457</link><pubDate>Thu, 17 Jul 2008 14:31:27 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:8743457</guid><dc:creator>Pregnant Man &amp;raquo; Software Applications, the targets of vulnerabilities</dc:creator><description>&lt;p&gt;PingBack from &lt;a rel="nofollow" target="_new" href="http://wordnew.acne-reveiw.info/?p=9698"&gt;http://wordnew.acne-reveiw.info/?p=9698&lt;/a&gt;&lt;/p&gt;
</description></item><item><title>Software Applications, the targets of vulnerabilities</title><link>http://blogs.msdn.com/tom/archive/2008/07/17/software-applications-the-targets-of-vulnerabilities.aspx#8744106</link><pubDate>Thu, 17 Jul 2008 18:07:13 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:8744106</guid><dc:creator>DotNetKicks.com</dc:creator><description>&lt;p&gt;You've been kicked (a good thing) - Trackback from DotNetKicks.com&lt;/p&gt;
</description></item><item><title>re: Software Applications, the targets of vulnerabilities</title><link>http://blogs.msdn.com/tom/archive/2008/07/17/software-applications-the-targets-of-vulnerabilities.aspx#8744462</link><pubDate>Thu, 17 Jul 2008 19:54:10 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:8744462</guid><dc:creator>Chris</dc:creator><description>&lt;p&gt;Perfect, exactly what I needed.&lt;/p&gt;</description></item><item><title>re: Software Applications, the targets of vulnerabilities</title><link>http://blogs.msdn.com/tom/archive/2008/07/17/software-applications-the-targets-of-vulnerabilities.aspx#8744669</link><pubDate>Thu, 17 Jul 2008 21:16:52 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:8744669</guid><dc:creator>Francois</dc:creator><description>&lt;P&gt;I work as a .NET developer and architect consultant and I definitely do know a thing or two about security, at least when using a Microsoft based environment (though I'm not clueless about the Unix world either), and one thing that strikes me the most, is, between all of the companies I worked for (and that is a lot in the current decade), NONE (zip, zero, nada) took security seriously.&lt;/P&gt;
&lt;P&gt;Some of them made software for -banks-!!! (not in the most critical sectors mind you, but still), some developed ERP systems that managed EVERYTHING in the company (from order entries to bookkeeping, going by HR and pay systems), -many- had sensitive information posted on the net (like their -entire- sale history, every single item ever sold, to whom, how, by who, for what price... and the only security was a simple plain text &amp;lt;6 character password, no SSL, nothing).&lt;/P&gt;
&lt;P&gt;No matter what I'd do to convince any of them, I'd get answers such as "BAH! It's an internal application...no one from the inside is going to try to hack it!" (Yeah, with 55000 employees, not a SINGLE one of them will be a bad guy, right? RIGHT?).&lt;/P&gt;
&lt;P&gt;Often, security would end up being flagged as a requirement after a lot of effort on my part to convince upper management... until user comfort gets thrown into the mix "You don't expect me to have to remember a password that has a mix of letters and digits, do you?" (coming from the big boss...so everything goes down the drain).&lt;/P&gt;
&lt;P&gt;Simply put, I don't have any data, but I'd be guessing that the vast amount of hacking being done isn't gonna be targeting big well known software from the outside... it will come from the inside, target internal homebrewed apps, and is being done by the same person you were teaching how to use a mouse last week. Corporate culture simply makes it too easy... the awareness is just not there.&lt;/P&gt;
&lt;P&gt;That's my view of it at least... I'd be interested in knowing if my experience is the norm, or the exception...&lt;/P&gt;</description></item><item><title>re: Software Applications, the targets of vulnerabilities</title><link>http://blogs.msdn.com/tom/archive/2008/07/17/software-applications-the-targets-of-vulnerabilities.aspx#8744712</link><pubDate>Thu, 17 Jul 2008 21:37:50 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:8744712</guid><dc:creator>Tom</dc:creator><description>&lt;p&gt;Francois,&lt;/p&gt;
&lt;p&gt;Thanks for the comment and I look forward to hearing from others. &amp;nbsp;Hopefully things are starting to get better and this isn't the norm.&lt;/p&gt;
</description></item></channel></rss>