[ news_security_news ]
Application Security Problems Stem From Customization
Chris Crum
Staff Writer
2006-07-20
 Insider Reports RSS Feed
According to Gartner Research, the biggest root of application security problems is the customization of the applications themselves.
People purchase applications and have to make adjustments to their code in order to get them to do the jobs how they want them to.
Unfortunately in many cases, this customization can lead to vulnerabilities. IDG News Service reports on this and what Gartner has to say about it (particularly director Rich Mogull):"Custom code does not undergo the same QA testing as commercial code does," Mogull said.
"All major applications, be they an application server or off-the-shelf software is implemented mostly through custom code and this is one of the biggest issues facing major application security. But what is even worse about this is any vulnerability you have in your system is yours and no one else will find it but you.
"The advantage of off-the-shelf programs is that vulnerabilities are managed by vendors through patch update, but typically the security models that we do see featured in some applications are limited compared to the amount of customization done on applications to get them running." The focus appears to be on SAP, PeopleSoft, and Oracle with SAP displaying the most related problems.
Mogull noted that PeopleSoft has the better security models, but they have started to rub off on Oracle since it's acquisition.
Tags: security
Add to Del.icio.us | DiggThis | Yahoo! My Web | Furl
About the Author:
Chris Crum is a staff writer for SecurityProNews and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
