Sunday, March 25, 2012

Worst Software Originates From US Government

According to experts, the US government has earned a reputation as the author of the worst software code ever.

According to a famous insecurity researcher, American software developers are responsible for considerably more hackable security flaws in their code. That’s what the chief technology officer of bug-hunting company Veracode is going to tell delegates at the Black Hat Europe security conference in the Netherlands this week.

He looked at almost 10,000 pieces of software over the second half of 2010 and 2011. The software was scanned for errors that hackers could use to hit either a website or a user’s computer.

80% of the applications failed to fully live up to the security criteria. However, when the results were broken down between the American government and the private sector, the software developed by government teams ranked as garbage. When the security specialists measured the collection of applications against the Open Web Application Security Project (OWASP) standard, it turned out that 16% of American government Internet software was secure, while the finance industry could boast a result of 24%, and commercial software was more than ¼ secure, at 28%.

Then the SANS standard was used to measure offline software. The results were as follows: only 18% of the US government applications passed the check, while the finance industry managed to secure 28% of its applications. Unsurprisingly, 34% of commercial software was good.

Although the private sector's coding was also awful, it appeared to be a lot better than anything the government could offer. Internet software was especially bad. For example, over 40% of government web applications were vulnerable to SQL injection. When the researchers checked for cross-site scripting, which lets hackers inject their own code into a site, they found that 3/4 of government-written software was vulnerable, while only 2/3 in the finance industry and 1/2 of commercial software were that bad.

The reason for the difference is thought to be the private contractor system in the United States, which actually rewards bad coding. In practice, the private sector software writers who create insecure code for the government later get additional pay in contract add-ons for fixing the problem.
