Microsoft now 'gets' security at every level of the organisation but the wider software industry has yet to match its zeal, the company has said in its latest Software Development Lifecycle (SDL) Progress Report.



From PCWorld:

Despite this, only 43 percent of the 41 common applications surveyed by Microsoft fully enabled support for ASLR defence, with 19.5 percent not supporting it at all. Major culprits were browser plug-ins, which undermined the fact that all browsers supported it. Ironically, around one in five security products also lacked ASLR.

"This [the lack of support in security software] is noteworthy given that security products are inherently exposed to untrusted data and the limited adoption of ASLR might therefore make it easier for attackers to exploit vulnerabilities in security products," the authors explain.
  Microsoft Rebukes Developers for Poor App Security