Non lo faccio (solo) per farmi bello ... ;-), ma in questi giorni ho letto qualche articolo che conferma alcune delle considerazioni fatte nelle mie famose "17 perle di security governance", e ho pensato di condividerli per consolidare l'importanza di queste best practice:
Perla N° 15: necessità e urgenza dei processi di secure code developmentStudy: Largest vendors account for fewer software flawsIn sintesi: The top 10 most vulnerable software vendors, including Microsoft, are contributing a smaller percentage of all vulnerability disclosures per year compared to five years ago, an IBM analysis says. E tra le diverse considerazioni: "...the most vulnerable vendors typically have also been the biggest software vendors and those with the largest installed bases. Traditionally, security researchers and hackers have gone after vendors with the biggest installed bases because that is where they can have the biggest impact. As larger vendors begin to do a better job of locking down their software, hackers and software researchers have begun focusing their attention on newer vendors and their applications ..."
Perla N° 4: la sicurezza nei rapporti con partner che accedono alla nostra reteThird Parties Fumble Data HandoffsIn sintesi: Companies are learning -- the hard way -- that the security chain is only as good as its weakest link. In the past few days, two major organizations have suffered breaches of their constituents' personal data -- not because of something they did, but because of something their partners did.
Perla N° 2: necessità ed efficacia delle Security PolicyFirms urged to educate staff on ICT policiesIn sintesi: Over three-quarters of employers do not take steps to make sure their staff understand the ICT policies they have in place, according to new research.
Come promesso ho anche aggiornato il mini-portale con i link a questi articoli.