2. Believing Security can be bought: that magic device that I bought will take care of everything.

3. Trusting Anti-virus is enough to safeguard the system: Feel safe once installed.

4. Cleaning instead of prevention: Trying to clean the malware after it has already infected instead of putting in all the measures that could have avoided the malware infection itself.

5. Ignore proactive security measures:Not proactively assessing the security posture of the system in order to fix the loopholes and strengthening the system.

6. Not willing to take the hard step: patching and hardening is hard to do.

On the last point, yes, it is hard, because,

• Users are not aware what patches to apply
• It takes too long to download and install for each application
• It takes away time from the core work
• Not aware what the update might do

Hardening the security posture of the system, knowing the loopholes and applying the fix is a very effective and proven defense system. This requires a deeper or may be simpler, second look.

Most give us a blank look, puzzled that we ask such questions and wondering why at all we are worried about all these.

‘Sir, I have taken a Java course, why don’t you ask questions in that? Nobody ask these questions in the Interview, that’s why I didn’t prepare.’

Now, do you need preparation for these? Are these not elementary?

Alright, I oblige, is Java platform independent language?
‘Yes. ‘

How does Java achieve platform independence?
Puzzled again!

What was your favorite subject during your graduation?
C, C++

What about Non-Programming subject?
‘Non-programming, hmm…’

You didn’t study Operating System, Computer Networks?
‘Yes, but I haven’t prepared for it.’

Some questions to Electronics Engineering graduates which do not get answered,
- What is an ADC?
- Write an Adder circuit
- What is the RF range?

I understand, the industry as such as redefined “Computer Engineer” or “Software Engineer” to a greater extent that people often think, it is anybody who can remember a few things in Java, ASP.Net etc. Many Universities and Colleges have invented “Information Technology”, “Information Science” without actually helping the students understand the differences. It is also that Teaching is considered low-profile just like the belief that Testing is considered low-profile foolishly.

At SecPod, we are trying to solve Computer Security problems and we really need Computer Science Engineers. I am confident there are really good people out there and we are on the hunt for them.

Opportunities stemming from Software Commoditization

‘Necessity is the mother of all inventions’ is a well-said proverb that fits precisely to this argument. Now-a-days, prominence is given to integration of various hardware or solutions rather than programming a new. There is no necessity for fresh solutions right now. We have been benefited by hardware commoditization. There is a rise of PC clones, replacing integrated proprietary systems with interchangeable parts available from multiple sources. Novel solutions are rather needed, when cohesive solution works well in the market. The rise of middleware and operating systems help commoditize many software layers and components. Increase in free and open source software fuels commoditization.

Price of software and hardware solutions has reasonably reduced. These solutions have become affordable to common man, encouraging them to discover various prospects in this software industry. This has given rise to many entrepreneurs in this profession and numerous solutions that have been able to build on these open source commodities.

There is a significant increase in technology convergence and standardization. For example, bundling is a common aspect of software solutions. A proprietary solution is often bundled with a commoditized solution and gains popularity in the market. There is a steady increase in the usage of many Linux distributions – Red Hat, Ubuntu, etc.

Commoditized solutions act as a baseline for many other software solutions and are a point of reference. Innovations are still there, may not be traditional ones, but commoditization has geared up many companies by revolutionizing new ideas fabricated upon these commoditized components.

Limitations stemming from Software Commoditization

Low priced software often compromise on quality of software. Numerous bugs are identified and a constant need for enhancement exists.

There is a deficiency of funding in research and development in many companies. Innovations are not often from the scratch. Software professionals definitely need to design their approach to make use of existing free solution to maintain low cost.

Competitions in market are an obvious fact of commoditization. Almost everyone is trying to grab the market and scale well by quoting low prices. Disruptive technologies are evolving due to commoditization.

Strategies to adapt to Commoditization

1. Bundling software is a very effective strategy. Proprietary software can be bundled with commoditized component to gain prominent status in market and win customers.
2. Patents are often used as a strategy against commoditization. Trademarks, registered software and copyrights are some approaches used by companies to an advantage in market.
3. Knowledge of middleware can facilitate opportunities for better growth in this era of software industry.
4. Building a brand using commoditized components and leaving the rest to customer decision is often a safe approach. Example: using YouTube and blogs, or providing evaluation copy of software to demonstrate the power of our software can work well in this market.

Time has to be given to this trend to downsize. Many approaches and strategies can be listed here to adapt to commoditization. Software industry is maturing fast. Time changes drastically in this industry. There are no fixed set of rules. Every software professional must decide and analyze their stratagem to actualize their approach to acclimate to commoditization.

Middleware is reusable infrastructure software residing between applications and the underlying operating systems, networks and hardware.

Benefits of Middleware

Middleware has primarily given us portability. It effectively manages memory allocation and relocation, data, processes, states, and replication. An assortment of applications can run at the same time. Parallel programming has become smooth to the tip of our fingers. It leverages hardware and software technological advances. It controls end-to-end resources and quality of service.

Numerous libraries cater to the basic or complex needs of our software. We are at ease; we can make the same piece of code work on any platform; we can program fast and there is less work. In the recent times, many applications have been developed with the help of readymade solutions and libraries offered by this layer. So development is quick, hence implementation time in the software life cycle has fairly reduced. Evolution of new requirements in software and environment is guaranteed with middleware.

There is a market for software developers who are hired for developing applications on middleware, Java developers, and Android developers. Also, the availability of such developers is vast, therefore hiring and putting them straight to work with some amount of basic training works well in many software companies.

Limitations of Middleware

For critical applications, performance is a major deciding factor for the application to ardour in this competitive world of abundant applications. In general, for many, performance might not be acute; hence it is generally a trade-off. Because of this middleware shield, we hardly get to design our software for performance. Most actions and decisions of memory management and resource usage are upheld with middleware, so penetrating to those levels of tailoring software is not possible.

With the genesis of middleware, large applications have evolved, sustaining of these remains a concern for software developers. We have a wide variety of programs to perform various tasks. It is required to put consistent time to support such software in long run.

Last but most important, there are competitive advantages of providing custom proprietary solutions. It makes it stand-out and precisely caters to real needs of customers. There is a certain demand for such software that needs to address tailored needs of clients. Getting employees to work such tasks is fairly difficult because it requires assured expertise.

Summarizing the above, it is the collective decision of architects and developers to elect what is the requirement of their software and what can be traded-off to best suit their needs.

More information can be found here.

Welcome any feedback or suggestion.

Cheers!
SecPod Research Team

More information can be found here.

Welcome any feedback or suggestion.

Cheers!
SecPod Research Team

More information can be found here.

Welcome any feedback or suggestion.

Cheers!
SecPod Research Team

More information can be found here.

Welcome any feedback or suggestion.

Cheers!
SecPod Research Team

More information can be found here.

CVE Info : CVE-2012-3790

Welcome any feedback or suggestion.

Cheers!
SecPod Research Team

More information can be found here.

Welcome any feedback or suggestion.

Cheers!
SecPod Research Team