China Software Security Summit-personal notes

A while ago I mentioned that I would attend several security-related meetings in March.

 

The first meeting. 2008 China Software Security Summit,Http://www.sinoit.org.cn/Sponsored by the Electronics Industry Publishing House.

 

Below are my personal notes for some lectures for your reference. Many lectures can be downloaded.

 

Computer Virus development trend and anti-virus product testing

Chen Jianmin, deputy director of the National Computer Virus emergency response center

 

It is mentioned that Trojans are currently mounted on websites where attackers collect network traffic statistics. Because a large number of websites rely on the pace of the traffic website for statistics, once the trojan is successfully mounted on the traffic website, the Trojan's exposure is very high.

 

Domestic and foreign software vulnerability handling Overview

Zhou Yonglin, deputy director of the cncert/CC Operation Department

 

We mentioned three important security vulnerabilities this year. DNS Security Vulnerabilities (Dan Kaminsky), MS08-067 security vulnerabilities, and a yet unpublished TCP/IP security vulnerability (cncert does not know details about the vulnerability ). We mentioned the plan to create a CVE Vulnerability database program similar to that in the United States and Japan. This is very useful for tracking and managing security vulnerabilities, especially those of domestic software.

 

Network security in the Web 2.0 era

Shi Xiaohong, assistant chairman of Qihoo Company

 

The idea of evaluating the quality of URL and software through community feedback is mentioned. This is similar to the popular reputation service.

 

Business Software Assurance (software security assurance system)

Fortify practice ctor, Justin Derry in Asia Pacific

 

The Software Assurance maturity model is proposed. The HTTP isHttp://www.opensamm.org/Home.html. Are you planning to change this mode to the ISO standard? What is the difference between SDL and Microsoft?

 

Virtual Machine Technology Security

McAfee researcher sun Bing

 

Sun Bing is a master of virtual machines. After chatting with him, it is estimated that Microsoft's hyper-V will be studied soon.

 

Fuzz technology and software security testing

Wang Qing, a famous software security expert

 

Peach seems to be using more and more. Smart Fuzz must be the future development direction. The space for dumb fuzz is too small.

 

Microsoft Security Information Report Episode 5-Overview of China's security situation

Jiang mingzao, chief security consultant, Microsoft Greater China

 

There are statistics on browser-based security vulnerabilities in China. It is very interesting.

 

Due to time conflicts, it is a pity that I could not hear a lecture on encryption technology from the snow forum.