Read the TechNews Online at: http://technews.acm.org
ACM TechNews
May 10, 2006

MemberNet
The ACM Professional Development Centre
Unsubscribe

Welcome to the May 10, 2006 edition of ACM TechNews, providing timely information for IT professionals three times a week.

Sponsored by Information, Inc.

http://www.infoinc.com/sponsorthenews/contactus.html


HEADLINES AT A GLANCE:

 

Voting Glitch Said to Be 'Disastrous'
Inside Bay Area (CA) (05/10/06) Hoffman, Ian

A recently discovered vulnerability in Diebold's touch-screen voting machines has election officials scrambling to understand and contain the risk. A hacker with minimal specialized knowledge of Diebold's system and an off-the-shelf component could load software onto the machine to disable it or alter vote counts in a matter of minutes. "This one is worse than any of the others I've seen. It's more fundamental," said Douglas Jones, a University of Iowa computer scientist. "In the other ones, we've been arguing about the security of the locks on the front door," he said. "Now we find there's no back door. This is the kind of thing where if the states don't get out in front of the hackers, there's a real threat." Finnish computer expert Harri Hursti discovered the flaw while working with Black Box Voting in March, and quietly spread word of the glitch to several prominent computer scientists who advise states on voting machines. Pennsylvania, California, and Iowa have directed their election officials to seal the machines with tamper-proof tape until election day, though California advised its counties that intend to use only Diebold machines in their upcoming elections that the threat is low, and that tampering would be easily detected by voters from the paper read-out and by officials once they recount 1 percent of their precincts' paper ballots. California Assistant Secretary of State for elections Susan Lapsley downplayed the risk, arguing that "it assumes access and control for a lengthy period of time." Scientists disagree, noting that hackers could work out plans ahead of time, and that it only takes a minute to install the software, a hole that apparently originated from Diebold's efforts to make it as easy as possible to update the software inside its systems. ACM's U.S. Public Policy Committee has released a report on Statewide Databases of Registered Voters. To review, visit http://www.acm.org/usacm/VRD
Click Here to View Full Article
to the top


CFP 2006: Life, Liberty and Digital Rights
TidBITS (05/08/06) Porten, Jeff

Participants at ACM's recent Computers, Freedom, and Privacy (CFP) conference met in Washington, D.C., to discuss the effect of technology on society, focusing especially on the ways that governments can use information against their citizens. CFP has historically facilitated an honest discussion between the hacker, security, privacy advocate, and law enforcement communities. A panel debating the different approaches to privacy law in the United States, Canada, and the European Union noted the difficulty that Europeans have faced in implementing centralized privacy laws, while the United States still maintains a patchwork of national and local laws. Participants debated privacy in the context of a world where information flows freely and governments maintain massive databases of personal information, often over the objections, or without the knowledge, of their citizens. A panel discussing the Bush administration's domestic surveillance program questioned the legality of both the government agents and telecommunications companies involved, noting that under the Foreign Intelligence Surveillance Act, employees of private companies found to be complicit in illegal surveillance are subject to criminal prosecution, a provision that has raised questions about AT&T's collaboration with the NSA to deliver vast troves of telecommunications traffic. In another discussion, Apple drew severe criticism for its implementation of DRM. In the closing keynote address, science fiction author Vernor Vinge contrasted two historical visions of a technology-driven future: the dark, Orwellian world where privacy has completely succumbed to ubiquitous government intrusion, and the cyberpunk world controlled by the anarchist hacker. Vinge suggested that liberty has gradually eroded as humans have fallen prey to a melange of technologies and laws that are steadily (and at times, inadvertently) waging war on the last vestiges of privacy.
Click Here to View Full Article
to the top


USC Hacker Case Pivotal to Future Web Security
InformationWeek (05/09/06) Greenemeier, Larry

The trial of Eric McCarty, the 25-year-old San Diego resident who claims that he hacked into the University of Southern California computer system only to call attention to its vulnerabilities, could become a referendum on acceptable practices of security research, especially if he is convicted and sentenced to the maximum of 10 years in prison. Everyone agrees that McCarty violated the law, though the ethical legitimacy of his actions is being hotly debated, and many security researchers believe the maximum penalty is extreme, particularly since McCarty has been cooperating with the FBI. McCarty hacked into a SQL database that contained the Social Security numbers, birth dates, and other identifying information for more than 275,000 USC applicants dating to 1997. McCarty initiated a SQL injection after he found a vulnerability in the login system of USC's application Web site. The university then took the site down for two weeks to fix the flaw. Security professionals have mixed feelings about McCarty's actions. "McCarty was trying to prove a point," said Digital Defense's Rick Fleming. "Part of me commends him for saying, 'Hello, wake up.' But he crossed an ethical boundary because he didn't have permission to test that system, and he broke the law." The online document called RFPolicy informally lays out the basic protocols for researchers to communicate with vendors and developers to address vulnerabilities. RFPolicy has no legal authority, however, and it does not provide a method for legally entering someone else's IT environment and testing Web applications. Security experts worry that if McCarty is sentenced to jail, many white-hat researchers will either stop looking for flaws or stop reporting them for fear of legal reprisal. "If the good guys aren't going to do this research, that's a bad thing because the bad guys certainly won't stop," says WhiteHat Security founder Jeremiah Grossman.
Click Here to View Full Article
to the top


Cause for Concern? Americans Are Scarce in Top Tech Contest
Wall Street Journal (05/10/06) P. B1; Gomes, Lee

Only four of the top 48 contestants in the recent TopCoder global finals in Las Vegas came from the United States, renewing concerns that Americans are falling behind their international counterparts in computer science. The United States dominated the competitions when they began in 2001, but this year Russia claimed eight of the top spots and Poland took 11, while Norway and China both took four. The Polish contestants viewed their strong showing less as a sign of superior training and education than as a testament to the significance of such a competition for a country that has so few opportunities to compete on the global stage. Programming has captured the popular imagination in Poland largely due to Tomasz Czajka, who has won more than $100,000 as a repeat TopCoder champion. Each 90-minute round of the contest had three problems, described as easy, medium, and hard. No American made the final cut of the two-day competition. The top prize of $20,000 went to the Russian Petr Mitrichev. Ken Vogel, a former TopCoder contestant, noted that the competition is not the best measure of a programmer's worth in the job market. The competition tests the ability to solve a series of contrived problems quickly, while in the real world, companies are looking for employees who can work in team settings, see the big picture, and anticipate the desires of end users. The Americans' poor showing in the contest nonetheless raises troubling questions about the anti-intellectual strain in the United States. Po-Shen Loh, one of the four American-born contestants to finish in the top 48, got a heavy heart when he watched a cartoon aimed at toddlers where the characters were making fun of the stereotypically smart one: "If this is what American kids are watching before they know any better, it can't help but affect them later on."
Click Here to View Full Article
to the top


Engineered by Women, for Girls
Connect for Kids (05/08/06) Rafferty, Heidi Russell

Since 1981, the New Jersey Institute of Technology (NJIT) has run the FEMME program, a summer learning experience designed to encourage inner-city girls to pursue careers in engineering, science, and IT. With men accounting for 80 percent of today's engineers, and the affluent far more likely to succeed in technical fields, FEMME director Suzanne Heyman says the program's goal is to help close the gap for underprivileged girls. While most girls usually abandon high-level math and science classes in the ninth grade, Heyman and her fellow instructors, most of whom are women, hope to immerse their students in the sophisticated math and science concepts at a young age so that they will be second nature by the time the girls reach college. Instructors discuss workplace gender issues and try to facilitate an honest dialogue about the pros and cons of various careers. The multi-year program is divided into two groups: the FEMME program, a day camp for fourth through eighth grade girls, and the FEMME Academy, a three-week residential program for ninth graders. NJIT then offers a co-ed college preparatory program for engineering for 10th through 12th graders. Each grade level dives into a different topic in depth: fourth graders study environmental engineering; fifth graders study aeronautical engineering; and sixth graders concentrate on mechanical engineering. The mechanical engineering course is a favorite among the students because they take a trip to an amusement park to observe the roller coasters and see the principles they have learned in motion. The seventh graders study chemical engineering, where they watch how hair dye is made at the L'Oreal factory. Eighth graders study biomedical engineering, one of the most popular engineering disciplines among females because it offers the clearest societal impact, and ninth graders study electrical and computer engineering. For information on ACM's Committee on Women in Computing, visit http://women.acm.org
Click Here to View Full Article
to the top


The Most Realistic Virtual Reality Room in the World
Iowa State University News Service (05/08/06) Krapfl, Mike

Iowa State University is spending more than $4 million upgrading C6, a hexagonal virtual reality room that will project 100 million pixels, twice the number of pixels illuminating any other virtual reality room in the world. Iowa State opened C6 in 2000 as the first six-sided room in the country that provides an immersive auditory and visual experience, though the equipment has not been updated since. The new equipment will feature a Hewlett-Packard computer with 96 graphics processing units, 24 Sony digital projectors, and an ultrasonic motion tracking application. Supported by a Defense Department appropriation through the Air Force Office of Scientific Research, the upgrade began this spring, and is expected to be unveiled in the fall, with a grand opening celebration planned for spring 2007. Iowa State architecture professor Chiu-Shui Chan has used C6 to generate 3D models of buildings and cities, and is exploring the effect that virtual reality could have on urban planning and workplace efficiency testing. The upgrade to the system will help Chan deliver more realistic and interactive models that convey a stronger sense of place than he can with the existing C6 technology. Other researchers are using C6 for visualizations of genes, cell biology, and engineering tools. James Oliver, a professor of mechanical engineering and the director of Iowa State's Virtual Reality Applications Center, is leading a project to develop a virtual reality control room for unmanned aerial military vehicles. Under Oliver's system, a lone operator could control many vehicles by monitoring their surrounding airspace, the terrain over which they are flying, and information taken from instruments, cameras, and radar and weapons systems in the virtual environment. "The idea is to get the right information to the right person at the right time," he said. "We think this kind of large-scale, immersive interface is the only way to develop sophisticated controls."
Click Here to View Full Article
to the top


Democratic Senator Wants Net Neutrality Regulations
CNet (05/09/06) Broache, Anne

An aide to Sen. Daniel Inouye (D-Hawaii) advocated legislation calling for the regulation of broadband providers at a broadband policy summit on Tuesday. "I don't view this as new regulation of the Internet," declared Senate Commerce Committee Democratic counsel James Assey Jr. "In fact, I view it as reaffirming what has been a very old principle...that network operators with an ability and incentive to discriminate be prevented from doing so." Network operators claim they should be allowed to charge premium fees to heavy bandwidth users so as to recoup their infrastructure investments and to guarantee product security and quality; Internet companies and consumer groups argue that the operators' proposed business model would force them to pay more money in addition to the already vast sums they currently pay broadband providers to deliver content. On April 26, House Republicans killed a Democratic-led bid to turn strict Net neutrality rules into law. "It would be unthinkable for the government to insert fees into the way the Internet is now, but yet there are a number of people who would be fine with private entities doing so and being able to selectively pick and choose and treat others differently for any reason they see fit," said House Energy and Commerce Committee Democratic counsel Johanna Shelton. Senate Commerce Committee Chairman Sen. Ted Stevens (R-Alaska), endorsed a hands-off approach to broadband providers in a draft bill released last week despite his concerns about discrimination, after hearing from Wall Street interests who warned that federal intercession would "chill investments," said committee staff director Lisa Sutherland. She noted that lawmakers have received an "unprecedented" amount of input from lobbyists, constituents, and virtually anyone with something to say about the Net neutrality issue.
Click Here to View Full Article
to the top


Vanderbilt Engineers to Help Air Force Use Global Information Grid
Vanderbilt News Service (05/08/06)

The U.S. Air Force wants to tame the ad hoc manner in which the Global Information Grid (GIG) has grown over the years. The military service's research laboratory has awarded a $1.2 million grant to a group of U.S. researchers to develop software that will allow military personnel to use the disparate resources of the GIG more effectively. The communications technology of the GIG range from the Internet and landlines to cell phones and satellite. However, GIG has not been immune to cell phone dead spots, busy signals, email spam, voice mail loops, and other problems associated with technology. "The software we are creating not only will broaden communications capabilities by utilizing the GIG to augment Air Force communications technology such as warfighters' radio, landline and satellite communications, but also will ensure that all communications are delivered according to commander priorities and are protected from interception and disruption," says Douglas C. Schmidt, a professor of computer science at Vanderbilt University. Engineers at Vanderbilt will work with researchers from Carnegie Mellon University on the software, which must provide an efficient interface, reliability, and military-level security. "It's helpful to think of the GIG as presenting a similar, but actually even more complex, challenge in terms of integrating technologies sufficiently for them to work together," notes Schmidt.
Click Here to View Full Article
to the top


Cell-Phone Tracking: Laws Needed
Wired News (05/08/06) Singel, Ryan

The cell phone industry and privacy advocates are urging Congress to adopt clear, standardized rules regarding the use of mobile phones to track suspects. At ACM's recent Computers, Freedom, and Privacy Conference, a panel agreed that Congress should write rules governing what level of suspicion police need to have before tracking people through their cell phones. Law enforcement is currently allowed to track suspects using their cell phones without probable cause, a practice the Justice Department says is sanctioned by a combination of wiretap laws governing stored communications plus a law that lets law enforcement learn the phone numbers people dial. However, eight out of the 10 judges who have published decisions since August have rejected the DOJ's legal arguments. "We've seen an avalanche of...decisions rejecting the government's hybrid theory," said Kevin Bankston, a lawyer with the Electronic Frontier Foundation, during the panel discussion. "For several years, the DOJ has been successfully pulling the wool over the eyes of magistrates." Bankston added that some of the legal uncertainty may be resolved soon, since the DOJ has filed an objection in at least one case. Other members of the panel, including Catholic University of America law professor Clifford Fishman, did not understand the fuss over law enforcement tracking cell phones without a probable cause. "The government has legitimate reasons to follow people," he said. "This is the technology law enforcement needs to get the probable cause to search you, arrest you, and throw you in jail."
Click Here to View Full Article
to the top


Q&A: IBM's Dharmendra Modha
Red Herring (05/06/06)

In a recent interview, IBM's Dharmendra Modha, chair of the Almaden Institute, discussed his research in cognitive computing and his belief that scientists must develop a better understanding of the human mind in order to endow computers with intelligence. Later this week, the institute will hold a cognitive computing conference where Modha will challenge the scientists in attendance to advance the understanding of neuroscience and psychology as the basis for intelligent computers. Modha prefers the term cognitive computing to artificial intelligence because it more precisely conveys the idea of the brain as biological hardware, equipped with all the cognitive processes of perception, language, memory, intelligence, and consciousness. Rather than developing algorithms to measure thoughts and feelings, Modha's goal is to reverse engineer the brain and crack the algorithm that mirrors the brain's processes through a mathematical and computational approach to neuroscience and psychology. While there are too many variables and hurdles to clear to project an accurate timetable for reverse engineering the brain, Modha believes there is an abundance of data that have been collected about the brain and that recent improvements in supercomputing performance give today's researchers the ability to make revolutionary strides in cognitive computing. Ultimately, Modha hopes for commercial applications from even the simplest form of artificial mind.
Click Here to View Full Article
to the top


Real-Time Maps Could Help Make Cities More Livable
Technology Review (05/10/06) Bourzac, Katherine

Researchers at MIT's SENSEable City Laboratory can track the movements of anyone using MIT's wireless network by simply monitoring the access points to which their devices are connected. The lab is led by Carlo Ratti, an Italian architect who in a recent interview discussed his research aimed at developing real-time maps from location data that provide insight into the movement of people and the flow of traffic through cities. As companies such as Microsoft and Google continue their push into real-time mapping and municipal Wi-Fi projects, however, Ratti is troubled by privacy concerns, and advocates a collaboration between city planners and technology and telecommunications companies to develop infrastructures that will safeguard individual privacy. Access to dynamic, real-time city maps could streamline transportation, as individuals could tailor their movements according to the overall traffic flow in the city. Ratti is developing a project called Rome in Real-Time for the Venice Biennale architecture exhibition that will overlay all the real-time information that his team can obtain on a city map, including cell phone data and bus and taxi positions. Architects and city planners can use the maps to make better use of space by designing areas in accordance with real movement patterns. Ratti says the Katrina relief debacle would have been avoided with a real-time positioning system that tracks cell phones, though he believes that the privacy implications are too grave to ignore. His basic solution is to give people the choice to not have their data monitored; at MIT, students and faculty will be able to decide on an individual basis who can monitor their location. Companies such as Google, which is donating Wi-Fi equipment to build a mesh network in San Francisco, are hoping eventually to cash in on the data they collect from municipal Wi-Fi projects. Gratti's lab is putting together a consortium to discuss the future of the city with planners, telecom companies, and hardware and city-infrastructure providers.
Click Here to View Full Article
to the top


Report: Computing Poised to Change the Way Science Is Done
Johns Hopkins University News Releases (05/04/06) De Nike, Lisa

Scientists have collected more data in the past year than in all the previous years that science has been practiced, amassing mountains of data requiring sophisticated new analytical tools that will help researchers extract meaningful discoveries, according to Alexander Szalay, professor of astronomy and computer science at Johns Hopkins University. "Computer science has the potential to drastically change the way we do science and the science that we do," Szalay said. "It will play a critical role in tackling the largest challenges facing our world, from medicine and health to energy and the environment." Petabyte-scale datasets will require major advances in computing that will have a transformative impact on scientific practices over the next 15 years. Szalay is a member of the 2020 Science Group, and has been working with Microsoft's Jim Gray for almost 10 years on projects related to the impact of computing on scientific conduct. Szalay has worked on numerous collaborations, including projects at Johns Hopkins to simulate turbulence, develop wireless sensors to monitor the environment, and create the multi-terabyte archive for the Sloan Digital Sky Project. Szalay and the 2020 group note that while the data explosion has been mostly confined to the physical sciences, it will soon have a major impact on the life sciences. Scientists can develop far more accurate models of complex systems that will enable them to map epidemics such as avian influenza and malaria and improve response time in the event of an outbreak. With scientists increasingly looking to databases to make connections between different sets of information, computer science could soon become as integral to their job as mathematics. A report issued by the 2020 group calls for elevating scientific innovation as a national priority and improving public awareness about the value of research.
Click Here to View Full Article
to the top


Science, Tech, Math Degrees Dropping
Durham Herald-Sun (NC) (05/06/06) Smith, Gerry

The percentage of college students graduating with math, science, engineering, technology, and technology-related degrees has declined from 32 percent of all graduates in 1995 to 27 percent today, according to a new report from the Government Accountability Office (GAO). The report raises concerns about the future competitive advantage of the United States in technology, as well as questions whether the high-tech industry will face a shortage of workers in the years to come. The number of foreign workers in the industry is also starting to fall, with the report showing a decline in visa approvals for computer system analysis and programming jobs from around 163,000 in 2001 to roughly 56,000 in 2002. "There's a general perception out there that there are no jobs for students with computer science degrees because all the jobs are going to China and India," says Marcia Harris, director of Career Services at the University of North Carolina. "But we're hearing from major employers like IBM and Microsoft who are very concerned about where they're going to find talent in this country." College students and officials see the quality of teaching and high school preparation as having a negative impact on the number of students enrolled in math, science, and tech programs. Universities would do well to target women and minorities in their outreach efforts, added the GAO.
Click Here to View Full Article
to the top


Microsoft Scientists Pushing Keyboard Into the Past
CNet (05/03/06) Kanellos, Michael

The technologies and prototypes on display at Microsoft Research's road show indicate that the software giant's lab is focused on making it easier for cell phone and handheld users to input data or navigate the Web. Microsoft is showing off a prototype of a program that will enable users of the devices to conduct searches by using abbreviations and truncated versions of words. The Wild Thing application is designed to make use of the telenumeric pad on a cell phone, in which numbers are represented by three sequential letters (i.e. A, B, or C for 2) and punctuations marks determine work spaces or other grammatical rules. Fewer letters would be required for more popular topics, and the application groups search results. A user who types "2*#7423" for Condoleezza Rice would return results for Condi Rice first, but would also receive search results for brown rice, Anne Rice, and Cellular Shades. Microsoft is holding discussions with device makers and carriers, and believes the application could find its way into cell phones within a year. The company is also at work on a software interface that would enable users to input letters using sweeping motions and gestures; the approach is similar to the Shark prototype of IBM and the application Hewlett-Packard has developed for the Indian market. Microsoft is also displaying its Pinpoint application for monitoring the location of someone using GPS or triangulation with W-Fi or cellular data.
Click Here to View Full Article
to the top


DNS Security: Most Vulnerable and Valuable Assets
IT Observer (05/08/06)

A survey conducted by Cornell University's Computer Science Department mined public data to determine: The most vulnerable assets of the Domain Name System (DNS); the servers most likely to be assaulted because they control the biggest chunk of the namespace; and the existence of servers with known vulnerabilities and the domain names they affect. The survey found that attackers can gain a tremendous advantage by exploiting the architecture of the legacy DNS, which creates many non-obvious dependencies between names and nameservers. The higher the number of nameservers on which a domain name depends, the bigger the trusted computing base, which leads to a larger number of dependencies, a bigger attack profile, and greater susceptibility to attack. According to the survey, a routine DNS name depends on 46 nameservers on average, while the most vulnerable top level domain names are ranked .ua, .by, .al, .sm, .mt, .va, .pl, and .it, from highest to lowest; the bulk of country code TLDs average more than 100 dependencies per name. The survey ascertained the most valuable DNS assets by evaluating how important a role a DNS nameserver plays in name resolution, and found that a nameserver is involved in the resolution of 166 externally visible names, on average. Furthermore, 67 hostnames appearing in Yahoo!+DMOZ depend on the nameserver ranked 5000, 29 publicly visible Web sites rely on the nameserver ranked 10000, and the median number of externally visible names served is four. In addition, institutions that may be ill-equipped or unwilling to assume DNS functionality operate many important servers. Information about the most vulnerable and most valuable DNS assets was then combined with data about established bugs in servers to infer that one in three Internet names can be hijacked by well-known, scripted exploits; among this percentage is www.fbi.gov as well as every other name residing in the fbi.gov domain.
Click Here to View Full Article
to the top


Smalltalk: Requiem or Resurgence?
Dr. Dobb's Journal (05/06/06) Chan, Jeremy

Jonah Group principal consultant Jeremy Chan cannot verify a resurgence in the use of the Smalltalk object-oriented language as indicated by Georg Heeg at the recent Smalltalk Solutions Conference, noting that none of his company's customer requests exhibit a desire for Smalltalk. Chan writes that Smalltalk's status as a OO language does not really provide an explanation of why it might be superior to other OO languages, and why, given such alleged superiority, it has been displaced by the likes of Java and C# as the most preferred language for enterprises in the last decade. "This is the essence of the Smalltalk Paradox," Chan says. The author reasons that developers may have difficulty relating Smalltalk's programming concepts, presented by defining the language's five principal vocabulary terms (object, message, class, instance, and method), to something else they already know. The vocabulary defines four rules of the language: All things are objects; all objects represent instances of some class; objects perform tasks by sending messages; and messages are deployed via methods. Chan attributes Smalltalk's lack of popularity to several factors, including the defensive posture Smalltalk developers assume when the language's superiority is questioned, and the absence of a major industry backer with the marketing muscle to facilitate Smalltalk's mainstream penetration. The author believes the Smalltalk community would receive a significant boost by attracting outsiders and discussing collaboration.
Click Here to View Full Article
to the top


SPARQL Will Make the Web Shine
eWeek (05/01/06) Vol. 23, No. 18, P. 50; Rapoza, Jim

While the Semantic Web holds the considerable potential to streamline the organization and development of online content, many technically savvy people are still completely unfamiliar with the term. The constellation of technologies that have emerged as signposts of the development of the Web 2.0--blogs, wikis, social networking sites--is much better known, and the popularity of those applications has indeed brought Web creator Tim Berners-Lee's vision of the Web as a space where users can both create and search for content with similar ease closer to a reality. Neither the Semantic Web nor Web 2.0 has an adequate querying and search technology specifically designed for it, though that could soon change if the W3C recommendation to make the SQL-like SPARQL the standardized query language for the Semantic Web is accepted. SPARQL is rooted in the Resource Description Framework (RDF), though it also employs numerous Web services standards, including Web Services Description Language. The basic components of SPARQL are a normal query language, a data model (essentially RDF), and a data access protocol. By enabling users to query precise and relevant information from large databases, SPARQL has the vast potential to transform search on the Web, pulling data from a comprehensive search of RSS feeds, image sites, Google applications, and numerous other sources. If SPARQL is accepted as a standard, it will only require minimal changes in the way that users create content, thanks to the emergence of Web 2.0 technologies.
Click Here to View Full Article
to the top


Defining Trust
SC Magazine (04/06) P. 26; Kaplan, Dan

Klocwork CTO Djenana Campara co-chairs the Object Management Group's (OMG) Architecture-Driven Modernization Special Interest Group, which seeks to prevent terrorists from funding their malicious activities through the exploitation of insecure U.S. networks by building a framework that would evaluate risk and detail the characteristics and elements that make up trustworthy software. This effort is supported by the federal government, whose operations depend on the security and trustworthiness of software. Campara says tool vendors and software manufacturers must shoulder the burden of following a best possible practice, and she thinks the framework would establish standardized design criteria and automated procedures for tool vendors and software makers to adopt to make sure their products are reliable and trustworthy. "Tool vendors will be building tools based on this framework because they will know that there is a market for them, while software suppliers will use those tools to improve and clean up software products," says Campara. James Madison University computer science professor Samuel Redwine reasons that a universal software assurance framework would carry benefits for buyers as well as sellers. "It would separate out the people who have convincing arguments and evidence of why you should have confidence in software from those that don't, in a rather clear way," he notes. OMG expects to release a request for proposal (RFP) for the model, which will be open to all OMG members, by November or December; a standardized code analysis process does not currently exist, and creating one will require a concentration on following authoritative coding processes, says Anthony Nadalin of IBM Software. Nancy Mead with the Software Engineering Institute expects some vendors will initially be resistant to the idea of a universal framework, if conforming to it requires a substantial amount of labor.
Click Here to View Full Article
to the top


To submit feedback about ACM TechNews, contact: technews@hq.acm.org

To unsubscribe from the ACM TechNews Early Alert Service: Please send a separate email to listserv@listserv.acm.org with the line

signoff technews

in the body of your message.

Please note that replying directly to this message does not automatically unsubscribe you from the TechNews list.

ACM may have a different email address on file for you, so if you're unable to "unsubscribe" yourself, please direct your request to: technews-request@ acm.org

We will remove your name from the TechNews list on your behalf.

For help with technical problems, including problems with leaving the list, please write to: technews-request@acm.org

to the top

News Abstracts © 2006 Information, Inc.


© 2006 ACM, Inc. All rights reserved. ACM Privacy Policy.

About ACM | Contact us | Boards & Committees | Press Room | Membership | Privacy Policy | Code of Ethics | System Availability | Copyright © 2014, ACM, Inc.