Issue No. 02 - March/April (2004 vol. 21)
<p>In the News</p><div><em>Whose Bug Is It Anyway: The Battle over Handling Software Flaws</em></div><p>Attacks exploit vulnerabilities in software code. They come in many forms: logic attacks, Trojan horses, worms and viruses, and variants of each. They serve a host of purposes: corporate espionage, white-collar crime, social "hacktivism," terrorism, and notoriety. Greater connectivity, more complex software, and the persistence of older protocols ensure growing vulnerability. Although marathon patching sessions have become the norm for harried IT administrators, even top-of-the-line patch management can't keep up with malicious code's growing sophistication. What happens when a software vulnerability is discovered? To establish agreed-on "best practices" to guide the process of reporting bugs, several companies have come together to form the Organization for Internet Safety. There is also a set of informal guidelines called RFPolicy, the open source equivalent of the OIS recommendations.</p><p><em>A Trip to South Africa</em><div>Alan Davis describes his sabbatical teaching in Cape Town, South Africa.</div></p>
A. Davis and A. Applewhite, "In the News," in IEEE Software, vol. 21, no. 2, pp. 94-99, 2004.