RSA 2010: Where is your software most vulnerable?

David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco.

After their presentation “Correlating static and dynamic analysis results for more secure software” (read my summary) I spoke with Jacob West, Director of Security Research at Fortify Software, and Jeremiah Grossman, CTO and Founder of WhiteHat Security.

I asked them what are the most common vulnerabilities they see when they’re conducting dynamic and static analysis.

I was also interested to know how they simulate new attacks from bad guys, and it turns out the bad guys aren’t doing anything new. No need to. They just want to do the easiest and cheapest attack. They have the same business model as we do–ROI.

Check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.

Tags: dynamic analysis, hackers, IT Security, RSA, RSA 2010, RSAC, Security, static analysis

This entry was posted on Thursday, March 4th, 2010 at 2:29 pm and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.