Worst Software Originates from US Government


Guest Black-Widow

According to expert opinion, the US government has the reputation of writing the worst software code ever.

According to a famous insecurity researcher, American software developers are responsible for considerably more hackable security flaws in their code. That’s what the chief technology officer of bug-hunting company Veracode is going to tell delegates at the Black Hat Europe security conference in the Netherlands this week.

He has been looking at almost 10,000 pieces of software over the second half of 2010 and 2011. The software was scanned for errors that hackers could use to hit either a website or a user’s computer.

80% of the applications failed to fully live up to the security criteria. However, breaking down the results between the American government and the private sector, the software developed by government teams appeared to rank as garbage. When the security specialists measured the collection of applications against the Open Web Application Security Project standard, it turned out that 16% of American government Internet software was secure, while the finance industry could boast a result of 24%, and commercial software was more than ¼ secure – 28%.

Then the SANS standard was used to measure offline software. The results were as follows: only 18% of the US government applications passed the check, while the finance industry managed to secure 28% of its applications. Unsurprisingly, 34% of commercial software was good.

Although the private sector coding was also awful, it appeared to be a lot better than anything the government could suggest. Internet software was especially bad. For example, over 40% of government web applications were vulnerable to SQL injections. When the researchers checked cross-site scripting, which lets hackers inject their own code into a site, they found that 3/4 of government-written software was vulnerable, while only 2/3 in the finance industry and 1/2 of commercial software were that bad.

The reason for the difference is expected to be the private contractor system in the United States, which actually rewards bad coding. Indeed, in reality, the private sector software writers, who create insecure code for the government, later get additional pay in contract add-ons for fixing the problem.
