Well starting with good development practices, along with the SDLC would help greatly. Maybe back to Waterfall Model, or Spiral Model of application development...

But security needs to be fully integrated, and regression tested at each step of the software development cycle, and they should hire some savvy security vuln researchers that can help fuzz and try and break functionality in the end product before it goes RTM.... Wash/Rinse/Repeat... Improve their process, till the bugs of old become no more....

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email: [email protected]
Cell: 401-639-3505

From: Michael B. Smith [mailto:[email protected]]
Sent: Friday, August 06, 2010 2:49 PM
To: NT System Admin Issues
Subject: RE: Adobe Acrobat Font Parsing Integer Overflow Vulnerability

Apparently 3 or 4 MSFT people have recently jumped ship over to go over to Adobe to help them develop their own SDL...

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Ziots, Edward [mailto:[email protected]]
Sent: Friday, August 06, 2010 2:47 PM
To: NT System Admin Issues
Subject: RE: Adobe Acrobat Font Parsing Integer Overflow Vulnerability

Yep, And still going to keep coming, until Adobe changes its ways...

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email: [email protected]
Cell: 401-639-3505

From: Andrew S. Baker [mailto:[email protected]]
Sent: Friday, August 06, 2010 1:16 PM
To: NT System Admin Issues
Subject: Adobe Acrobat Font Parsing Integer Overflow Vulnerability

https://isc.sans.edu/diary.html?storyid=9334#comment

Another Adobe Acrobat vulnerability...

ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker>
Exploiting Technology for Business Advantage...
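The subject line of this thread is an integer overflow in font parsing, and the first message argues for fuzzing and regression testing at every step of the SDLC. As an added illustration of that bug class and the check that defeats it (this is example code written here, not code from the thread, from Adobe, or from the advisory linked above), the C below models a hypothetical table header whose entry count and entry size are multiplied to obtain an allocation size. `naive_table_bytes` shows the unchecked multiplication that wraps modulo 2^32; `checked_table_bytes` and `parse_table_header` show the fail-closed version that also confirms the table lies inside the bytes that follow the header; `mutation_pass_is_bounded` is a minimal boundary-value mutation loop of the kind a regression fuzz step would run. The header layout, the function names and the sample bytes are all assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical table header (assumption, not a real font format):
 * two little-endian 32-bit fields, entry count and bytes per entry. */
#define HEADER_BYTES 8u

/* Unchecked arithmetic: the product wraps modulo 2^32, so a hostile
 * count/size pair yields a tiny allocation that later reads overrun. */
uint32_t naive_table_bytes(uint32_t count, uint32_t size) {
    return count * size;
}

/* Checked arithmetic: fail closed on wrap-around or on an oversized table.
 * Writes *out and returns true only when count * size is exact and <= max_bytes. */
bool checked_table_bytes(uint32_t count, uint32_t size,
                         uint32_t max_bytes, uint32_t *out) {
    if (count == 0 || size == 0) {
        *out = 0;
        return true;
    }
    if (count > UINT32_MAX / size) {
        return false;               /* product would wrap */
    }
    uint32_t total = count * size;
    if (total > max_bytes) {
        return false;               /* fits in 32 bits but exceeds what follows */
    }
    *out = total;
    return true;
}

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void write_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Parse the header and confirm the table body lies inside the buffer.
 * Returns true only if every byte of the table can be read safely. */
bool parse_table_header(const uint8_t *buf, size_t buf_len, uint32_t *table_bytes) {
    if (buf == NULL || buf_len < HEADER_BYTES) {
        return false;
    }
    uint32_t count = read_le32(buf);
    uint32_t size  = read_le32(buf + 4);
    size_t remaining = buf_len - HEADER_BYTES;
    uint32_t max = remaining > UINT32_MAX ? UINT32_MAX : (uint32_t)remaining;
    return checked_table_bytes(count, size, max, table_bytes);
}

/* Constructed sample: count=2, size=4, followed by exactly 8 bytes of data. */
static const uint8_t sample_font[16] = { 2,0,0,0, 4,0,0,0, 1,2,3,4,5,6,7,8 };

/* Wrapper: parse the sample truncated to len bytes; -1 when rejected. */
int64_t parse_sample_truncated_to(size_t len) {
    uint32_t n = 0;
    if (len > sizeof sample_font) len = sizeof sample_font;
    return parse_table_header(sample_font, len, &n) ? (int64_t)n : -1;
}

/* Wrapper: checked size or -1 when rejected. */
int64_t checked_or_neg(uint32_t count, uint32_t size, uint32_t max_bytes) {
    uint32_t n = 0;
    return checked_table_bytes(count, size, max_bytes, &n) ? (int64_t)n : -1;
}

/* Boundary-value mutation pass in the spirit of the fuzzing step the thread
 * calls for: set both header fields to edge values and confirm the parser
 * never reports a table larger than the 64 bytes that follow the header. */
bool mutation_pass_is_bounded(void) {
    uint8_t buf[HEADER_BYTES + 64];
    memset(buf, 0xAB, sizeof buf);
    const uint32_t probes[] = { 0u, 1u, 16u, 0x40000001u, 0x80000000u, UINT32_MAX };
    const size_t np = sizeof probes / sizeof probes[0];
    for (size_t i = 0; i < np; i++) {
        for (size_t j = 0; j < np; j++) {
            write_le32(buf, probes[i]);
            write_le32(buf + 4, probes[j]);
            uint32_t n = 0;
            if (parse_table_header(buf, sizeof buf, &n) && n > 64u) {
                return false;       /* accepted a table that overruns the buffer */
            }
        }
    }
    return true;
}

int main(void) {
    printf("naive 0x40000001 * 4 = %u (wrapped)\n", naive_table_bytes(0x40000001u, 4u));
    printf("checked same input: %lld (-1 = rejected)\n",
           (long long)checked_or_neg(0x40000001u, 4u, 1u << 20));
    printf("mutation pass bounded: %s\n", mutation_pass_is_bounded() ? "yes" : "no");
    return 0;
}
```

The point of the wrapped value printed by `main` is that a count of 0x40000001 with 4-byte entries produces an allocation of 4 bytes while the parser still believes it has over a billion entries to index; the checked path rejects the same header before any allocation happens, and the mutation loop is the kind of cheap regression test that keeps that check from silently disappearing in a later refactor.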
