Monday, January 19, 2009
Avecto Reduces Risk of Dangerous Coding Errors and Enables Least Privilege
Experts announce agreement on the 25 most dangerous programming errors - and how to fix them
Manchester, 19th January 2009
Avecto Ltd, the leader in Windows privilege management for
corporate desktops, today announced its support for a recent
publication by CWE/SANS on the 25 most dangerous programming errors
and how to fix them. "The top 25 list educates developers on the
common coding errors that lead to serious software vulnerabilities,
which should be eradicated from software before it is shipped to
customers," said Mark Austin, CTO at Avecto.
The challenge for many organizations is that many of the
applications that contain these coding errors are critical to the
business, but are no longer being maintained by the vendor. Some of
the errors in the list relate to organizational behavior and
policy; for example, 'CWE-250: Execution with Unnecessary
Privileges', which can result in an all-too-common scenario, where
an application will only function correctly under an admin
account.
"Legacy or badly written applications often require elevated
privileges, resulting in organizations giving their users a
privileged account in order to run these applications. Implementing
Avecto Privilege Guard enables organizations to elevate the
privileges of a problem application, while allowing users to log on
to their computers under standard user accounts," said Austin.
"Although this should not be seen as a substitute for coding an
application to use the correct privileges in the first place, it
significantly reduces an organization's exposure to running their
users under privileged accounts, where re-coding a legacy
application is simply not a viable option".
Even when an application requires a privileged account for a
legitimate purpose, Privilege Guard can be used to assign these
privileges to the application and not the user. This ensures that a
user or application cannot inadvertently abuse a privileged
account, as privileges will only be assigned to the applications
that require them, and are governed by policy settings defined by
the IT department.
For a list of all 25 errors, please visit http://cwe.mitre.org/top25/#CWE-250
About Avecto
Avecto is the leader in Windows privilege management, helping
organizations to deploy secure and compliant desktops and servers.
With its award-winning Privilege Guard technology, organizations
can now empower all Windows-based desktop and server users with the
privileges they require to perform their roles, without
compromising the integrity and security of their systems.
Customers of all sizes rely on Avecto to reduce operating
expenses and strengthen security across their Windows-based
environments. Our mission is to enable our customers to lower
operating costs and improve system security by implementing least
privilege. Avecto is building a worldwide channel of partners and
system integrators and is headquartered in Manchester, UK. For more
information, visit www.avecto.com.
Contact:
Donna Shaw
donna.shaw@avecto.com