X
Business
Home Business Developer

Developer guidance on “unsafe” cryptographic algorithms

With the UK’s Infosecurity Europe show little more than a month away now, the security vendor community is busily polishing up its latest batch of cure-alls and wonder-tools to aid developers and security specialists in the good fight against ‘rouge’ code.There will be talk of firewalls, new detection techniques and possibly even self-learning apps that use social networking threads to gauge threat status as viral malware starts to evidence itself across the web.
Written by Adrian Bridgwater, Contributor

With the UK’s Infosecurity Europe show little more than a month away now, the security vendor community is busily polishing up its latest batch of cure-alls and wonder-tools to aid developers and security specialists in the good fight against ‘rouge’ code.

There will be talk of firewalls, new detection techniques and possibly even self-learning apps that use social networking threads to gauge threat status as viral malware starts to evidence itself across the web.

While it would be unfair to say that some of this will lean towards scaremongering, there will no doubt be some pretty creative story pitches.

A vague whisper of the kind of report that may surface next month landed (safely and without malicious intent) in my inbox earlier this week. Centred around developer ‘confusion’ over safe versus unsafe cryptographic algorithms, there is now a “manifesto” to provide programmers with an encryption check-list to ensure safer builds result at every level.

So an unsafe cryptographic algorithms guide; hogwash, hullabaloo or home-truth?

The report is available here for free download without registration. Unsurprisingly there is a security vendor behind this; in this case it is Fortify. Credit to them for at least making it free without any extra surfing on their site over and above the link I have shown here.

Before you get your self a cup of tea and get ready to phone your CTO with ground-breaking news, this is an eight page “manifesto” in 1409 words – and 318 of those are the references appendix. So it’s not exactly the security developer’s Magna Carta.

That being said, the report’s author has taken the trouble to draw an important distinction and differentiate between problems that introduce real risk to systems being developed today, as opposed to hypothetical research focused on attacks that won’t be feasible in the mainstream for years.

As always with these things, be as sceptical about the validity of the reports and tools being proffered as you about the very threats that exist on the web and inside the systems and ecosystem in which you live. That way, we all stay sharp and we all stay safe I reckon.

Editorial standards
Show Comments

Related

Linus Torvalds and Dirk Hohndel, Open Source Summit North America 2024

Linus Torvalds takes on evil developers, hardware errors and 'hilarious' AI hype

penguin holding an apple on Sonoma background

6 features I wish MacOS would copy from Linux

Placeholder product image alt text

The best AI image generators to try right now