Abstract
Prosecution of cybercrimes is becoming more effective, but it still has many challenges. The computer industry has not been idle. The Twenty-first Century marked the identification of security as critical to the progress of the computer industry. Industry leaders acknowledged that lack of security and the rise of cybercrime would halt the advance of computing. The response was dramatic. Security and dependability became bywords. The entire development process was rethought to build security into all software. The result has been more secure software and establishment of processes and institutions aimed at making cybercrime difficult or impossible. Securing the software base is a work in progress against an army of intelligent and inspired criminals, but software is becoming more secure.
Notes
- 1. “Memo from Bill Gates,” January 15, 2002. https://news.microsoft.com/2012/01/11/memo-from-bill-gates/ . Accessed September 2016.
- 2. The latest version can be downloaded at www.microsoft.com/en-us/download/details.aspx?id=29884 . Accessed September 2016.
- 3. For an overview of published process guidelines see Noopur Davis, “Secure Software Development Life Cycle Processes,” Department of Homeland Security, Build Security In, Setting a Higher Standard For Software Assurance, July 13, 2013. https://buildsecurityin.us-cert.gov/articles/knowledge/sdlc-process/secure-software-development-life-cycle-processes#tsp . Accessed September 2016.
- 4. A bespoke application is written specifically for a given customer. Large enterprises often have bespoke applications that are written in house or by third parties to address the enterprise’s unique requirement. Sometimes, a bespoke application is a commercial off-the-shelf (COTS) product that has been modified to meet special requirements. Bespoke applications often cause extra expense and security issues because the issues are unique and not identified or mitigated in the industry-wide environment.
- 5. For more details about the CVE organization see Common Vulnerabilities and Exposures, “About CVE,” http://cve.mitre.org/about/ . Accessed September 2016.
- 6. See “ITU-T Recommendations, ITU-T X.1520 (04/2011),” April 20, 2011. www.itu.int/ITU-T/recommendations/rec.aspx?rec=11061 . Accessed September 2016.
- 7. The details are in the following: Vulnerability Notes Database, “Vulnerability Note VU#21781,” July 29, 2016. www.kb.cert.org/vuls/id/217871 . Accessed September 2016. Nightwatch Cybersecurity, “Advisory: Intel Crosswalk SSL Prompt Issue [CVE 2016-5672],” July 29, 2016. wwws.nightwatchcybersecurity.com/2016/07/29/advisory-intel-crosswalk-ssl-prompt-issue/. Accessed September 2016. National Vulnerability Database. “Vulnerability Summary for CVE-2016-5672,” July 31, 2016. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5672 , and “Crosswalk security vulnerability,” https://blogs.intel.com/evangelists/2016/07/28/crosswalk-security-vulnerability/ . Accessed September 2016.
- 8. Don’t confuse Microsoft Control Flow Guard with network flow control, which addresses network congestion problems. The two are very different.
Copyright information
© 2017 Marvin Waschke
About this chapter
Cite this chapter
Waschke, M. (2017). What Has the Industry Done?. In: Personal Cybersecurity. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-2430-4_8
DOI: https://doi.org/10.1007/978-1-4842-2430-4_8
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-2429-8
Online ISBN: 978-1-4842-2430-4
eBook Packages: Professional and Applied Computing, Professional and Applied Computing (R0), Apress Access Books