5 Making Bugs Meaningful to the Average Manager
Question
5 Making Bugs Meaningful to the Average Manager
Empirical measurement of any product is always an issue. It is a particularly difficult task when it comes to software.
Your CISO has concerns about the lack of quantitative data to manage the software security of the company's websites. He is particularly concerned about identifying and repairing cross-site reference (CSRF) holes. You plan to put together explicit measures that will allow the CISO to quantitatively track this issue.
But you have to understand the current status of this bug in order to develop a measurement process that will assist managers.
To begin your assignment:
Explanation / Answer
Another way to categorize attacks is by the technical aspect; different attack types exploit vulnerabilities. For example, an attack that exploits the bugs in a user application is a risk only to those who use that application. An attack that exploits security holes in an operating system is likely to put a larger group at risk because most computers run one of only a few common operating systems. The most universally dangerous is the attack that uses the characteristics of a networking protocol, particularly TCP/IP, the protocol run by every computer on the Internet. Many common attacks are based on creative exploitation of some weaknesses or characteristics of a member of the TCP/IP protocol suite.
Application exploits
Modern versions of the Microsoft Office applications allow us to create macros or use Visual Basic for Applications to automate functions. This helps hackers to insert malicious code into Office documents, which can then be sent to a destination on our network as email attachments.
Also, Microsoft Outlook and other sophisticated email clients as well as Microsoft