Software security
Dan Bernstein announces 44 *nix security holes
Dan Bernstein (aka DJB), author of the well-known and widely deployed qmail secure mail transfer agent (MTA), has announced the discovery of 44 security holes found by students in his software security assessment course "MCS 494: Unix Security Holes" at the University of Illinois at Chicago. Vulnerable programs of note include CUPS, NASM, mpg123, MPlayer and xine-lib, among numerous others. The homework for the course was to find and exploit 10 previously undiscovered security holes in currently deployed Unix software. In a class of 25, 44 security holes were found, but most of the class failed.

Read the full article on Slashdot.
 
Public sector software security needs improvement

Customer data security breaches in government offices are usually presented as a data leakage prevention problem, but they are really about vulnerabilities in buggy software, and very basic bugs at that.

Let's take two cases that, geographically and culturally, have absolutely nothing in common: Oklahoma and England.

In another of a long series of customer data breaches, the Oklahoma Department of Corrections enabled wholesale leakage of social security numbers through a really basic mistake: the SQL query behind a public web page was carried in the URL query string, where anyone could read and modify it.

HM Revenue & Customs had to shut down its Tax Credit portal website in December 2005 after discovering that fraudsters had been using the identities of Department for Work and Pensions staff to enter the system and steal customer data. Another IT scandal occurred not so long ago involving HMRC, when it fired the consulting firm EDS after the system EDS tried to implement proved a total failure. It could be just a coincidence that the DWP was also using the services of EDS, but then again it may not…

For the full report, see The Register.

Outsourcing programming is not an excuse for abandoning common sense or the basics of secure web application coding practices.
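The Oklahoma mistake above, and the "basics of secure coding" it violates, in runnable form. This is an added example, not code from the Software Associates page or from the Oklahoma site: it models a listing handler that executes whatever SQL arrives in the URL, a second one that merely concatenates a URL parameter into a fixed query (still injectable), and the hardened version that keeps the query text fixed, validates the parameter, binds it, and never selects the sensitive column at all. The table and column names (`offenders`, `ssn`), the parameter names `q` and `id`, and the sample rows are assumptions constructed for illustration.

```python
"""Three ways to drive a listing page from a URL, from worst to acceptable.

Added example; table/column names, parameter names and rows are constructed
for illustration and are not from the original incident.
"""
import sqlite3
from urllib.parse import parse_qs, urlparse


def make_db():
    """In-memory table with constructed sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE offenders (id INTEGER PRIMARY KEY, name TEXT, ssn TEXT)"
    )
    conn.executemany(
        "INSERT INTO offenders VALUES (?, ?, ?)",
        [(1, "Alice Example", "123-45-6789"), (2, "Bob Example", "987-65-4321")],
    )
    return conn


def _param(url, name):
    """First value of a query-string parameter, already URL-decoded."""
    return parse_qs(urlparse(url).query).get(name, [""])[0]


def vulnerable_lookup(conn, url):
    """Anti-pattern 1: the whole SQL statement travels in ?q=.

    Anyone who can see the link can rewrite the query, e.g. to select ssn.
    """
    return conn.execute(_param(url, "q")).fetchall()


def concatenated_lookup(conn, url):
    """Anti-pattern 2: fixed query text, but the parameter is glued in as a
    string. ?id=0+UNION+ALL+SELECT+ssn+FROM+offenders reads the ssn column."""
    return conn.execute(
        "SELECT name FROM offenders WHERE id = " + _param(url, "id")
    ).fetchall()


def hardened_lookup(conn, url):
    """Fixed statement, validated integer input, bound parameter, and the
    query only names the columns the page is allowed to show."""
    raw = _param(url, "id")
    if not raw.isdigit():
        # Reject anything that is not a plain positive integer before it
        # gets near the database; this is what stops "1 OR 1=1".
        raise ValueError("id must be a positive integer")
    return conn.execute(
        "SELECT id, name FROM offenders WHERE id = ?", (int(raw),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(vulnerable_lookup(db, "http://example.test/list?q=SELECT+ssn+FROM+offenders"))
    print(concatenated_lookup(db, "http://example.test/list?id=0+UNION+ALL+SELECT+ssn+FROM+offenders"))
    print(hardened_lookup(db, "http://example.test/list?id=1"))
```

The hardened handler also illustrates least privilege at the query level: even a successful injection elsewhere in the application cannot reach a column the page never selects, and the database account behind a public listing page should likewise not be able to read it.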

 
3800 Credit Cards extruded from Guidance Software

Guidance Software had a pretty nasty extrusion event last month, losing 3,800 credit card records according to Washington Post staffer Brian Krebs. I find it ironic that Guidance specializes in forensics software for law enforcement agencies; according to its web site, "Guidance Software was founded with a clear purpose: to develop solutions that search, identify, recover and deliver digital information in a forensically sound and cost-effective manner."

 
Seven Sins of Insecure Software Development

Companies spend millions on compliance, but proprietary assets are still being stolen by insiders and hackers who compromise buggy, poorly designed applications.

Here are seven software development mistakes you don't want to make.

 
The security of knowing it's open source

I hope that after 9/11 people don't think that closed source means secret and therefore more secure. In reality, the most secure systems available today are based on the open source model and peer review. There is absolutely no question that the secret to creating great software that is also secure software is marshalling as many smart people as possible to the task.

Traditionally, software security was equated with secrecy. You lock up your house, your car and your valuables; in the software community, you "lock up" the programming source code as a means of securing it against hackers and competitors. To the closed source camp, a system can't be truly secure when its source is open for all to read: secrecy is security, and when applied to an otherwise secure system, concealing the source improves its security. It slows down intruders and, in the event of a breach, keeps damage to a minimum. Another argument is that with freely available blueprints, crackers will have an easy time writing malicious code to attack systems.

 
Web applications reengineering

Firms often start off developing Web applications with ASP and Flash and discover that there is a high cost of maintaining site security, managing content and supporting additional languages such as Hebrew, Russian and Arabic.

After performing Web application threat analysis, we help customers re-engineer their Web applications using flexible and reliable Linux-based technologies.

 
Software Associates - Business security specialists for hi-tech firms