Microsoft Security Improving

Officials from Cenzic, Inc. found through its analysis that Microsoft Corp.’s Internet Explorer was the least vulnerable Web browser in the last quarter. In other news, Gemalto NV has added identity protection into Windows Server 2008, while VMware, Inc. announced a new developer tool for security.

Focal Points:

• Cenzic recently released its report on application security trends. The report covered results of its findings from the fourth quarter of 2007. While there was a decrease in the total number of new vulnerabilities discovered, Web application vulnerabilities continue to be the most persistent. The report also showed that Internet Explorer was the least vulnerable Web browser, compared with Mozilla Firefox, Opera Software ASA Opera, and Apple, Inc.’s Safari.
• Officials from Gemalto announced they are working with Microsoft to embed smart card technology into .NET in Windows Server 2008. Officials also announced its Strong Authentication Server would be supported on Windows Server 2008, in addition to its family of two-factor security devices. Officials claim this will strengthen the security of Windows server for enterprise customers. Some of the capabilities included are secure data and applications, and protection of digital identities.
• Executives from VMware recently announced the availability of a security developer tool. Officials say the tool, VMsafe, will help to develop applications from monitoring applications running on VMware's virtual environment. While the tool does not provide security itself, it provides an application programming interface that will allow security application developers to get security information out of the hypervisor. Some of the 20 vendors that plan on using VMware's new API for their products include Checkpoint Software Technologies Ltd., McAfee, Inc., and Symantec Corp. Officials from McAfee have already successfully tested its host intrusion software with this API.

Experton Group believes new APIs into operating systems and applications will increase the ability of application developers and security managers to more quickly identify and prevent future security outbreaks. The development of new APIs specifically for security shows a positive move by the development community to work from the beginning with security personnel to make it easier to protect systems from attacks and to mitigate the risks presented by them when attacks do occur. Security breaches will certainly continue to occur, and the organized efforts behind data theft will never go away. IT executives should ensure application developers and security personnel work together throughout the application development lifecycle to anticipate threats and find ways to identify and mitigate vulnerabilities.