Security KPI

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Pix Firewall question I have been having problems sending e-mail to a specific e-mail address. When I send it to the address from my workstation, I get a NDR error (5.7.1). However, I can send it from my personal e-mail account. I understand that having certain ports on a Pix firewall closed can goof up e-mail. What ports need to be open and how do I check to see if they are? Tag: Security KPI Tag: 81244
  - 2
    - Forgot my password for User Account Hello, I recently relocated to another State. Before I moved I had changed my user account password. Now that I'm getting unpacked and setting up my computers I can't find the notebook that I wrote down my User password in. Of course I can't get past the initial screen and Microsoft support can't help me. Is there anyway to either access that password or to get around it. I apprciate any suggestions that anyone may have -- Dee C Tag: Security KPI Tag: 81243
  - 3
    - Identify the locations of Domain Groups I would like to find a way to identify all of the different folders and shares that a Domain group has been added. Is there a way to find where a Domain Group has been added? Tag: Security KPI Tag: 81242
  - 4
    - Security Document Handling I am trying to open security to add documents in document handling and I have to have full access to the entire Basic group to get it to work. Can someone help me narrow this access down? Thanks Tag: Security KPI Tag: 81238
  - 5
    - domain users added to local administrators cannot use the IPSEC certification of administrator? HI, I've applied a IPSEC certification from a Windows2000 standalone CA for administrator ( local machine) ,then add a domain user --"test01"-- into the local administrators group. When I login domain with test01 ,and use the certification to authenticate with the CA , it's failed . why it happens? the domain user --test01-- has full right of the PC, but cannot use the certification ? help me!! Tag: Security KPI Tag: 81228
  - 6
    - norton stopping internet connection I was using norton antivirus , when it expired i replaced it with norton spyware edition, I downloaded it from the symantec site.I believe the old version is replaced by the new one you install. Since download, having trouble with connecting to internet unless I turn off the firewall. When sbc self support tool checks my dsl connection, it says my modem needs to be directly connected to the computer. When I turn off the norton firewall. I have no problem with my connection. Sorry if this is in the wrong spot,having a hard time getting around! Tag: Security KPI Tag: 81227
  - 7
    - parental controls I got got dsl. I find the parental controls useless because my son can get online anytime (it's always connected) How can I make sure that the only access he has to the we is through my MSN browser which has the parental controls? Tag: Security KPI Tag: 81226
  - 8
    - Dialer.wsv I have NAV installed on our machines at our office, and it just recently caught Dialer.wsv on my machine. inst.exe and hooks.dll were found at c:\. NAV caught it, and I wasn't infected, but what I'd like to know is how it got on my machine in the first place. Symantec info on the virus states that it might be installed by malicious web sites.I typically use Firefox to browse (not that it can't have issues), but I don't even remember browsing a site that could possibly have had a virus. Especially around the times that it was found. We just went through a big long clean up trying to tighten up security on our machines, and I thought we were up to date and clean. Does anyone have recommendations on how to track down where virii come from on XP Pro boxes? Tag: Security KPI Tag: 81221
  - 9
    - nortonspyware stopping internet connection? ijust changed from norton 04 to the anti spyware 2005 and am having trouble getting an internet connection, getting on sites, page cannot be displayed will come up. If I turn off the norton firewall it works no problem. Is there something I am missing? Any suggestions greatly appreciated.I have xp sp2 When I try to turn off windows firewall , it still says it is on. Tag: Security KPI Tag: 81220
  - 10
    - Sun Java - Security Release for critical vulnerabilities (07 Feb-06) [Followup set for microsoft.public.internetexplorer.security] Sun Java - Security Release for critical vulnerabilities (07 Feb-06) http://www.dozleng.com/updates/index.php?&showtopic=8095 http://www.frsirt.com/english/advisories/2006/0467 <QP> Note: It is recommended that affected versions be removed from your system. For more information, please see the installation notes on the respective java.sun.com download pages. </QP> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1 -- ~Robear Dyer (PA Bear) MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org Tag: Security KPI Tag: 81216
  - 11
    - How secure is "Password Safe Application" ? Do you think it is an acceptable security practice use an application such as "Password Safe Application" from SourceForget.net to store server passwords in my organization ? Some admins want to store such Password Safe Application on a network share, protected by NTFS folder permissions to the admin group. Please advise. Tag: Security KPI Tag: 81214
  - 12
    - How does runas with /netonly option work? Hi, How does runas with a /netonly option create a login session? As per my understanding, a logon session is not created on the local machine when a /netonly option is used. Hence, I understand that whenever the process launched with /netonly option touches any network resource, a session is made upon that resource with the credentials specified in the runas command. What API/mechanism is used to create such a remote session? I know CreateProcessAsLogonW with LOGON_NETCREDENTIALS_ONLY option manages this, but my requirement is to do the similar thing without lauching another process. I need this so that untrusted domain accounts can be used to run tasks without requiring a logon and impersonation on my local machine. Thanks in advance, Madhu Tag: Security KPI Tag: 81209
  - 13
    - Internet and laptop users If I have a bunch of laptop users that I want to get internet access outside the office while on the road I need to secure there laptops. I can do this by way of hardware profiles and locking down various other things, but I also only want them to be able to view certain websites outside the office. I can lock down which websites they can view with content advisor built into IE. But from what I can see when they come into the occice and use there in office hardware profile the content advisor will also block them then. Is there away I can make this work, when they are out of the office using mobile intrernet link I can lock down which websites they view, when they are internal they have the ability to surf what I have set in the ISA proxy. Does anyone have any documents on best practises for locking these types of users down? Any help is appreciated. Thanks Tag: Security KPI Tag: 81208
  - 14
    - registering an application or otherwise notifying antivirus s/w ? Hello, I am working on a program in which the front end and back end talk to each other through a socket, so that triggers Norton AV on a lot of people's systems. Sure, the user can click through the warning but some people make the wrong choice and then they have trouble undoing it. It would be better overall if we can avoid notifying users in the first place. Is there any way to register the application with Norton and/or any other popular antivirus s/w makers? I'm hoping it can be arranged so that the application is recognized as OK (thus obviating the need to ask the user). It seems like antivirus s/w must come with some sort of built-in list, otherwise you would get warnings popping up all over the place ... Maybe this registry business is just wishful thinking on my part. If so, please feel free to tell me. Thanks for any information on this topic. Robert Dodier Tag: Security KPI Tag: 81203
  - 15
    - Internet Explorer is trying to change your network settings by mod I routinely execute several different scans in an effort to catch variations of spyware and, otherwise, malware that may have infected my systems. On at least a couple of occassions, while executing Symantec's on line scan, I have encountered a Zone Alarm Suspicious Behavior Alert stating "Internet Explorer is trying to change your network settings by modifying the file: WINDRVDIR\etc\hosts". Does anyone have a clue what's going on with this? Why would IE have any business trying to change the hosts file? Thanks Tag: Security KPI Tag: 81199
  - 16
    - 2nd request -- Java: Which version is safe? I'm using Windows XP Home SP 1. I use Outlook 2000, Firefox, and occasionally IE 6. I think the Java I'm using is v1.4. I downloaded it from Sun. I gather there's a security problem with it? Which version of Sun Java should I be using? <*((((><{ Fishy@Ocean.Net <*((((><{ Fishy@Ocean.Net Tag: Security KPI Tag: 81193
  - 17
    - Printer password Is it possible to add a password to a printer at home? Tag: Security KPI Tag: 81192
  - 18
    - shared computer tool kit from microsoft downloads i downloaded and installed shared computer toolkit for xp,it worked fine until i tryed to uninstall it,in the end it restricted me from doing anything on my desk top,eg useing the internet,deleting files basicly everything an administrator is capable of doing,it also screwed up the spyware the i had also downloaded from the same place.i had to create an other desktop in order to do anything.im also getting error messages eg; invalid picture, update loader usrprbd.exe dll,also a windows installer error, is there hope? Tag: Security KPI Tag: 81189
  - 19
    - email snooping Can email from my home computer using Outlook Express be intercepted en route and read? I am not concerned about security on my or the email recipient's computers . Just in between. Tag: Security KPI Tag: 81182
  - 20
    - windows security center Attempting to check the Windows security center the following message appears"The security center is currently unavailable because the "Security Center" has not started or was stopped. Please close this window, restart the computer (or start the "Security Center"service) and then open the security center again." After following directions above nothing has changed, should I be concerned? I show all the appropriate icons but cannot check the status. Tag: Security KPI Tag: 81181
  - 21
    - A new service in my task manager CAPMSRSK.EXE I am running windows xp sp2 on a disk top with 512 meg. Since my system has been running slow, I decided to invistigate. I ended the process in the task manger-CAPMSRSK.EXE. As soon I ended that process another one with the following name started CAPMSLAK.EXE. I ended that process and a third one started CAPMSSWK.EXE. I searshed for all three files on the hard with no results. I searched for the files in the registry, again with no result. I am woundering if anybody had come accross such a thing. Any help will be appreciated. Mike Hanhan Thanks Tag: Security KPI Tag: 81178
  - 22
    - removing McAfee virus scan from computer i am trying to install a new security on my computer, but first i have to remove McAfee security. i have removed everything or so i thought. but now it seems that i have not removed McAfee virus scan. i have tried everything but it still wont let me do it. i cant fing it anywhere on computer. can anyone help me out here Tag: Security KPI Tag: 81175
  - 23
    - "Unknown Publisher" sometimes and sometimes not Hello, I have a signed executable, that seems to behaving erratically. On certain XP/Server 2003 servers, I am able to get the "Digital Signature" tab when viewing the properties of the file. On some machines I don't get it. In the latter case, it behaves as though it is not signed. The cerfiticates used are from Verisign and I use the MS tools to sign the kits. Using chktrust.exe gives me the expected results after signing. I can provide more information if necessary. Any help or information on this is greatly appreciated Thanks Bobby Tag: Security KPI Tag: 81169
  - 24
    - Security Scanners Hey there, Anyone use a Server and network security sanner other than MBSA to sacn your networks? If so what products are available for free and for purchase? In your opinion what is the best scanner out there? Thanks in Advance. -Adam Tag: Security KPI Tag: 81161
  - 25
    - Win2003 SERVER file security BUG! Hi, I have win2003 server installed and i am sharing some folders. let me explain my problem with an example. i have a toplevel map named data, under data i have a map company and this is on a server named server-test. my toplevel map data is shared and my subfolder company is also shared so i can see them both when i am searching the directory structure of that server. both maps are shared for everyone with full control, change and read (shared, not the security settings!) so that everyone can see the maps. now, for the folder company, i have inheritable permissions ON. so, this means that if i set security permissions on DATA, the security permissions for COMPANY are also changed and yes, they are! When i look to the security settings of data and company, i see in company my username with the security settings grayed-out, so this means that the thing did it's job and inheritable permissions were passed trough to the underlying map. The security permissions is DENY on EVERYTHING, applied to this folders, underlying folders and files. now, when i go to server-test, i see 2 folders named data and company. when i click on data, i don't come in but when i click on company, i get in and i can see all files! The only workaround seems that i FIRST deny everything on the underlying map and then deny again on the top level map. The only problem then is that in the underlying map that is using the inheritable permissions i have both security settings in it. both on 1 name but if you check another box, you can see that the denied box is turning grayed-out. This seems very unlogical and unsafe! does anyone has a solution or am i doing somethig wrong ? regards, Verus Tag: Security KPI Tag: 81153
- Next
  - 1
    - Blocking IM Helllo, I have a small netowrk (10 server, & 60 desktops) that I want to block IM completely thoughout the network. What is the easist, least expensive way to block IM that is centralized (not needing to install something on each PC. I have turned off the specific IM ports, so I am assuming IM is using port 80 for access inside my network. I cannot turn off port 80. Thanks for any help Gerald Tag: Security KPI Tag: 81151
  - 2
    - spyware tcp connections from spoolsv.exe to internet!!! The past few days all running programs are trying to connect to the internet at random addreses. (mainly a1981.g.akamai.com and ports 80:http and 53:dns) (even spoolsv.exe) I have tried to search (advanced search) for spywares-rootkits-etc but i did not found any. Was running norton corporate client and had zonealarm freeware at the time it started. (captured it by seeing that spoolsv.exe tried to connect to the internet) replaced norton with avast free antivirus and zonealarm with kerio. the strange behaviour seemed to be more rare but did not got way yet. the behaviour is changing from time to time! Currently my work partner also has the same problem, but the spyware running on his machine mostly tries to connect to the sites listed on HOSTS file (we have putted a dummy site there and it tries to connect to that dummy) Like i had with spoolsv.exe he had also with userinit and lsass trying to connect to an akamai address lets say i connect to a site then close the internet explorer and then i try to go to a dif site the spyware through internet explorer tries to connect to the previous site (noone asked him too!!!) the firewall sees the connections are made from a legit program so they can not be blocked! I have looked at the list loaded by the legit apps and no new dlls are loaded. 1)Is there a good reason for this to be happening???? (i mean spoolsv.exe should not connect to the internet!) 2)Can you recomment a way to find - clean this spyware-or what ever it is? Tag: Security KPI Tag: 81150
  - 3
    - McAfee v Norton I have just set up a Dell computer. This came with 90 days AcAfee anti-virus already installed. I have not registered the product. Instead, I installed Norton 2006. Every time I boot up McAfee wants to register. I have tried going to add/remove programs, but it will not let me uninstall it, it says virus scan is already running and will not let me remove it. Anybody any ideas please. Thank you. S Tag: Security KPI Tag: 81149
  - 4
    - Getting XML to display properly My office is having to produce XML files (presidential directive to share data). We are using Apache 2 to serve up the raw XML pages (on a classified network), the client browser is having to compile the XSL files. We have various mandated XSL stylesheets making numerous modifications. We didnâ??t see any problem and have has several customers around the world able to see the pages without a problem. We canâ??t get some important data to a customer (we wrote several reports in XML, posted them and nothing but the combined, raw XSL data). The rest of our community can see the exact same pages without a problem (tested various XML files at various locations with various network configurations). This group has a Windows 2003 domain, security is normally VERY tight in their area so I expect their domain, security rules are very tight as well. This customer is using Windows XP Pro on client systems and Windows 2003 for domain controllers. Other WinXP systems on Windows 2003 domains have no problem. Our Win2K systems running on Server 2003 are not having any problem. I really need to help get these folks to view our reports properly. Do you know of a domain security issue that might be impacting this? -- TIA RoyB Please reply to email roy.mcse at bigfoot.com Thanks! Tag: Security KPI Tag: 81141
  - 5
    - Stolen Password How do I know if someone else has tried to use my password? How can I check to see when my account has been accessed? Tag: Security KPI Tag: 81138
  - 6
    - Locking down top level folder permissions We run Windows 2003 on our file servers. We are continually having a problem where top level folders on our shared drive are being accidently moved. I am looking for an easy way to lock down the top level folders with NTFS permissions. When I set the permissions on the top level folders, the permission are inherited by all subfolders and files, which we don't want. What is the easiest way to lockdown the top level folders, but not the subfolders and files. Tag: Security KPI Tag: 81135
  - 7
    - Can Malware Trash Disk? I am putting together a backup strategy and looking at the possible threats. It once used to be said that a virus could trash a HD, damage the mbr, etc. In which case I would need to reformat. However, I have not heard of a virus doing this for some years. Do I not now need to be concerned about this threat? thanks Davy Tag: Security KPI Tag: 81131
  - 8
    - Proxy server vs. DNS Forwarders If websurfing behind a proxy server affords a degree of Internet anonymity because the proxy goes out on behalf of the client and returns Inet resources to the client (and cahces them), is the same degree of anonymity provided by simply having a DNS server use forwarders to resolve all resources external to your inet domain(s)? Thanks -- JCB\1059 Tag: Security KPI Tag: 81129
  - 9
    - HOW can i subscribe to a Thread? Hi, Could any one let me know, how can i subscribe to a Thread? Tks In Adv Thiru -- Ramthir ----------------------------------------------------------------------- Ramthiru's Profile: http://www.highdots.com/forums/m184 View this thread: http://www.highdots.com/forums/t325405 Tag: Security KPI Tag: 81124
  - 10
    - Event ID 529 - Advapi My administrator account keeps loggin out. By reviewing my CD logs, I've found it is coming from one of my servers, see log entry below. However, I can't find exactly what on this machine is causing this or where it is coming from. I have checked Scheduled Tasks, Services, IIS virtual directories and security tabs, etc.. Am I missing something? Are there any tools or utilities I can use to narrow track this down?? Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 529 Date: 2/6/2006 Time: 8:55:54 AM User: NT AUTHORITY\SYSTEM Computer: SERVER1 Description: Logon Failure: Reason: Unknown user name or bad password User Name: administrator Domain: domain1 Logon Type: 2 Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: SERVER1 Tag: Security KPI Tag: 81122
  - 11
    - auto complete after many attempts and trying all the settings in Internet options and other areas my tablet pc running XP Pro...........I am unable to use auto complete or auto fill. It has not worked since the tablet was new, any suggestions Tag: Security KPI Tag: 81121
  - 12
    - Auto complete will not work on XP Pro Tablet PC I cannot after many attempts and suggestions get autofill/autocomplete to work on my tablet pc running XP Pro....any suggestions to make it work would be appreciated Tag: Security KPI Tag: 81120
  - 13
    - Install DC on the non secure server room. Hi. My company is planning to install a DC in its branch office for some reasons. There isnâ??t special secure server room in that office. I am afraid of some usersâ?? password recovery tools. Are there any recommendation about locate DC in the no secure server rooms? Thanks! Tag: Security KPI Tag: 81117
  - 14
    - Second User Setup ? Hello, I am using winXP SP2 Pro. There are 2 users on this computer, "Me" and "Myself". Me has admin.rights,and Myself is a limited user. Myself should only be able to surf,download a picture, run security,and clean up. I have noticed that I can get all the way down to the "system32" folder,which I heard is not the best thing for a limited user. I am not familiar with configuring any users, and just used what was provided to make a new user, and do not mess with the administry part if I can help it. So if someone could point me to some layman tutorials on "how to" it would be appreciated very much.. What I am trying to accomplish here ,or at least deter is, anyone,getting to know me and/or my machine, through the internet, since I am the only one on this computer,nothing can harm me from this side.. Thanks for any help. >worried< Tag: Security KPI Tag: 81101
  - 15
    - Can`t file shere whith another computer! i try to file-shere to another computer by writing the complete computer name (i have a router between the both computers). whitch is called local internet but the is askes for a password?? have no idea what password i should write! pleese help me! Tag: Security KPI Tag: 81097
  - 16
    - cracking DMZ servers username/password We have a Windows 2003 server on our DMZ, it's patched up to the latest and we have enabled Remote desktop Connection, so we can manage it remotely over the internet. Obviuosly I think this can be a risk, but I need to know if the username and password can be cracked etc. I did a port scan on it and it showed the RDC port open. I have changed the administrators username, what tool can I use? Tag: Security KPI Tag: 81091
  - 17
    - Remove Active-x Hi How can I delete or disable Active-X Regards Curt Tag: Security KPI Tag: 81090
  - 18
    - Tracking unauthorized access to my computer I am a Systems Analyst with full Admin privileges. I'm having a serious problem, someone has been connecting to my computer and controlling my email, accessing files/folder, etc. I'm certain that it is someone who also has Admin privileges but there are six people with these rights and I don't know who it is. I've spoken to my Boss about the situation but without specific proof talking about it has done nothing. I'm just wondering if there is a way to trace and log who is actually logging onto my computer remotely or if there is any software that I can install or scripts that I can run in the background that would identify the individual/individuals that are doing this? Even if there is something that I could use that would record the actions as they are happening would be helpful. I desparately need some kind of concrete evidence. It's gotten to the point where the amount of times someone is connecting to my machine is unbearable and very harassing. If anyone can help me with this please respond ASAP. Thanks. Tag: Security KPI Tag: 81083
  - 19
    - Internal Server Security Hi all hope I'm in the right group. Our company is working with an outside firm to provide web hosting for us that requires real time data from an internal server. Their software sits on any machine and listens to to a predetermined port that we have forwarded [from the firewall]. We have conteplated setting this port forwarding directly to our internal server. We have also contemplated setting up another machine with their software and then mapping a drive to our internal server for the data their software needs. Given the fact that the secondary machine would have a drive mapped to our internal server is it any more secure than just forwarding the traffice to the server. Any clarification would be appreciated. TIA Tag: Security KPI Tag: 81074
  - 20
    - A password problem about Zone Alarm.. really need help! A password problem about Zone Alarm.. really need help! I have a serious pity problem. I use Zone alarm and have set a password previously. However, I just have forgotten the password already. I am not autourised by the firewall to uninstall itself. What can I do to control the settings again? Tag: Security KPI Tag: 81067
  - 21
    - security on a certain program I have other users on my computer. I have installed Turbo Tax. How can I secure this program so no other user can get in to it? Tag: Security KPI Tag: 81056
  - 22
    - Unauthorized use of Server 2003 Someone has hacked into my server 2003 and changed MY password so I could not use it. I managed to change it back to my password and hopefully block future access from this person. Is there a "back way" into the server that I do not know about that would let this person in. I have terminal services and remote access. I need to block this possible entry. Anyone have this problem? Tag: Security KPI Tag: 81052
  - 23
    - Java -- which version is safe? I'm using Windows XP Home SP 1. I use Outlook 2000, Firefox, and occasionally IE 6. I think the Java I'm using is v1.4. I downloaded it from Sun. I gather there's a security problem with it? Which version of Sun Java should I be using? <*((((><{ Fishy@Ocean.Net Tag: Security KPI Tag: 81048
  - 24
    - Help please - Can not use/export private key after domain change I have a self signed certificate in Windows XP (private/pulic key pair). Recently my company changed my login domain (keeping the same password and Profile directory). But after that I can not use my certificate (private key). Looking at the password manager, it shows the certificate, also when I view it, it says that I have private key corresponding to the certificate. But when I try to export it greys out the option for private key export saying "The associated provate key can not be found. Only the certificate can be exported." I guess the reason might be that the key was encrypted based on password + domain name. Just my guess, based on my limited understanding from what I found on the net: "Windows XP protects you against such attacks. Windows XP encrypts the private key with a derivative of your password. If the password is changed and you don't provide the old password, access to the public key will be permanently blocked, and you or a thief can no longer decrypt files with this key." Is the only way to recover the key to ask for switching back to the old domain ? Please advise, I would really be very greatful for any help to recover my key. Thanks a lot, Sandeep Tag: Security KPI Tag: 81046
  - 25
    - LDAPS--certificate request I am trying to generate a certificate request for enabling LDAPS. When I >run > certreq -new request.inf request.req, I get the following error and am > having > trouble getting past the prob > > C:\>certreq -new > Certificate Request Processor: Bad INF file section name line 0xe0000001 > (INF: - > 536870911) > C:\request.inf > > I am using Article ID: 321051 for the example .inf file. That files reads > in part: > > [Version] Signature="$Windows NT > [NewRequest] Subject = "CN=<mydc.mydomain.myorg.edu>" > ; replace with the FQDN of the DC KeySpec=1 KeyLength=1024 > ; Can be 1024, 2048, 4096, 8192, or 16384. ; Larger key sizes are more > secure, but have > ; a greater impact on performance. Exportable=TRUE > MachineKeySet=TRUE > SMIME=False > PrivateKeyArchive=FALSE > UserProtected=FALSE > UseExistingKeySet=FALSE > ProviderName="Microsoft RSA SChannel Cryptographic Provider" > ProviderType=12 > RequestType=PKCS10 > KeyUsage=0xa0 > > [EnhancedKeyUsageExtension] OID=1.3.6.1.5.5.7.3.1 > ; this is for Server Authentication > > Ideas? > > Tag: Security KPI Tag: 81036

Hi,

I need to find some security KPI (Key Performance Indicator). Do you know if
ther'are something predefined KPI to check if a code is secure ?

Ty

Top

Re: Security KPI by S

S
Fri Feb 10 03:33:43 CST 2006

There is no such thing. There cannot be.You can come up with perceived risk
factoids, like

*** No code written in FORTH ever had vulnerabilities ***

but that doesn't give a logical base to create any sensible metric. Full
code review and penetration testing of the results is as much as you can
do.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"Spoof" <Spoof@discussions.microsoft.com> wrote in message
news:670FB3AC-2DF9-4F71-805B-432ED0019BB0@microsoft.com...
> Hi,
>
> I need to find some security KPI (Key Performance Indicator). Do you know
> if
> ther'are something predefined KPI to check if a code is secure ?
>
> Ty

Top