To date, cyberattack insurance costs vary widely, ranging from about
$15,000 per million of coverage to $35,000 per million of coverage. This is
perhaps why many companies self-insure for cyberattacks.
Personal cyberattack insurance does not seem to be currently available, or at
least it does not show up in web searches for “personal cyberattack insurance.”
Secure Programming Languages
Because many security flaws are due to poor programming practices, it is
theoretically possible to develop hack-resistant languages that would help in preventing
cybercrime. Several languages such as E and Joule are cited as being secure.
The SEI started a programming language security initiative as part of the CERT
program. There are security standards and guidelines available for a number of
languages.
However, more and better data about language vulnerabilities are needed. The
computer security engine discussed earlier in this chapter would have a feature that
analyzed all reported attacks, including zero-day attacks, and generated statistics
of attack frequencies by programming language. In addition, the computer
security engine would try to identify the specific vulnerabilities that the attack utilized
and generate potential countermeasures.
Some companies such as CAST Software also perform studies of both bugs and
security flaws associated with various programming languages such as COBOL,
Java, SQL, C and C dialects, and the like.
The software industry has at least 2,500 known programming languages, and
new languages are being announced at rates in excess of two per month. It is not
easy to stay current on the security features of programming languages without
using intelligent agents to gather data in real time followed by statistical and forensic
analyses of successful and unsuccessful attempts at hacking the languages.
It is also clear that hack-resistant languages need to stay away from computer
hardware and computer BIOS files. A synergistic combination of hack-resistant
hardware, hack-resistant software, and hack-resistant languages,
plus a suite of strong firewalls and antivirus packages, seems well suited to
eliminating one of the major threats of the 21st century.