Dennis Fisher

Microsoft Corp. on Tuesday continued the expansion of its security response process, unveiling a new security mailing list specifically for home or other non-technical users. The Home User edition of the Security Update newsletter will deliver security bulletins and other security-related information to users who dont need all of the technical details contained in Microsofts […]

When the final version of President Bushs cyber-security plan is released later this month, its success, in large part, will hinge on the willingness of industry to buy in to the plans recommendations. The National Strategy to Secure Cyberspace depends heavily on network operators and industry groups sharing with the government information on network attacks, […]

The IT security industry has looked to medicine for metaphors and ways of thinking about network protection. Sana Security Inc., a San Mateo, Calif., startup, is extending that relationship with the introduction of its Primary Response application security platform. The software, unveiled last week, observes application/operating system interactions and learns the code paths that each […]

Network Associates Inc.s Sniffer Technologies division on Monday introduced a new forensics analysis solution that has the ability to capture, inspect, reconstruct and replay network traffic. The solution is designed to allow administrators to delve into security events and other network anomalies in order to trace their origins, find their intended targets and assess any […]

Sanctum Inc. on Monday released a new application designed to enable developers to perform security testing and vulnerability assessments of their software during the development process. AppScan Developer Edition 1.5 is targeted mainly at Web application developers and is completely integrated with Microsoft Corp.s Visual Studio .Net software. As a developer goes through the coding […]

Microsoft Corp. on Wednesday released another cumulative patch for Internet Explorer that fixes two new critical vulnerabilities in the browser. The two flaws are somewhat related in that they both involve problems with IEs cross-domain security model. The first vulnerability could allow an attacker to run malicious code on a users machine by misusing certain […]

The brief crisis of conscience that led researchers at Next Generation Security Software Ltd. to reconsider whether to release exploit code with their vulnerability reports has passed. David Litchfield, the companys co-founder, on Wednesday said he and his brother, Mark, will continue to publish sample exploits in an effort to give administrators and security specialists […]

The forthcoming final version of the National Strategy to Secure Cyberspace will call for a comprehensive cybersecurity response system that will depend heavily on contributions from the private sector. The system, as described in the most recent draft of the document, will rely on a broad information-sharing program both inside and outside the federal government, […]

As part of its effort to encourage the development and use of more secure software, the federal government is quietly moving toward buying such programs in an expedited way, outside of the normal procurement process. Software vendors say that some government agencies have begun this process already, and a recommendation in the final version of […]

The number of attacks on Internet-connected machines decreased over the past six months while the number of software vulnerabilities continued to skyrocket, according to a new report. In the last half of 2002, the number of attacks per week at a given company fell by 6 percent to 30, compared to the previous six months. […]