Determining Software Engineering Risks

After reviewing all the applications Alexander Rocco uses, you notice that many have been modified or changed during the past couple of months. Two of the company’s financial applications are written in C and, according to Randy Stegner, the IT security administrator, monitor the company’s accounts and financial data. Mr. Stegner discovered that several modifications were made to one program, with no documentation indicating who made the changes or why.

Questions
a. Based on this information, write a memo to Mr. Stegner with your findings and any recommendations you might have for improving the security of the company’s software engineering practices.

b. Search the Internet for any information on securing company software. Does the OSSTMM address any of these issues?

c. What improvements should you recommend to better protect this information?
