:: Deepquest ::

One reason software security vulnerabilities are so tough to fix is because they are so hard to find. Unlike other bugs that become apparent when an application acts up, security holes tend to hide from normal view. And that’s just how the hacker underground likes it.

“If we want to master finding, fixing and remediating security vulnerabilities, it’s these side behaviors we have to understand,” explained computer scientist James A. Whittaker, co-author of How to Break Software Security, during Wednesday’s Secure Software Summit in San Diego. The three-day conference is tailored to those who manage and create software applications, which now are estimated to account for 75% of hacker attacks.

Much of the event focused on ways to better build apps and then audit them for holes that hackers can exploit. But speakers like Whittaker, who works at both the Florida Institute of Technology and application security provider Security Innovations, also urged developers to understand their adversaries. Hackers, he said, tend to be one-trick ponies. “They’ve perfected their method of getting into your software and that’s it? All they need to get into your network is one hole,” he said.

have the same kinds of pressures we have. All they have to worry about is one thing — and that’s getting into your computer.” In fact, Whittaker added, studying hackers can be depressing. They tend to have limited C programming and assembly skills, but they can access thousands of free hacking tools through Web sites that also offer tips and tutorials. It’s that information sharing that makes the hacking community so formidable.

more from [url=http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1079804,00.html] Tech Target[/url]