Most focus IT security efforts on perimeter and endpoint protection — network security, host security, virus protection, and firewalls. As this article on This SC magazine points out that applications that protect vital information could still remain too vulnerable.
“Overlooking vulnerabilities within software that already has been deployed puts government agencies and industry at tremendous risk for attacks, data loss and process interruption.
“One need look no further than the attack on Google by hackers in China earlier this year, enabled by a zero-day vulnerability in Microsoft’s Internet Explorer, for a sobering reminder of how even the biggest software companies with the best processes can produce insecure code.”
