RSA 2010: Where is your software most vulnerable?

David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco.

After their presentation “Correlating static and dynamic analysis results for more secure software” (read my summary) I spoke with Jacob West, Director of Security Research at Fortify Software, and Jeremiah Grossman, CTO and Founder of WhiteHat Security.

I asked them what are the most common vulnerabilities they see when they’re conducting dynamic and static analysis.

I was also interested to know how they simulate new attacks from bad guys, and it turns out the bad guys aren’t doing anything new. No need to. They just want to do the easiest and cheapest attack. They have the same business model as we do–ROI.

Check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.

Tagged as: dynamic analysis, hackers, IT Security, IT Security and Data Protection, RSA, RSA 2010, RSAC, static analysis

This post was written by…

David Spark has contributed 113 posts to The State of Security.

Twitter @dspark

Contact David Spark

David Spark is a veteran tech journalist and founder of Spark Media Solutions, a media consulting and production company. Acting as the "media" of "social media," Spark Media Solutions helps its clients be seen as leading voices in their field through brand-quality media production and distribution through top tier media channels.