Malicious code is a bigger problem than ever before. Way back in 1996, when Ed Felten and I wrote Java Security, we thought that malicious code was an up-and-coming issue, and we positioned it that way. These days, with the likes of Stuxnet and Zeus, things are worse than we ever would have imagined. In my view, the only surefire way to address malicious code is to build better software that is not susceptible to attack. That is, most malicious code leverages broken and vulnerable software to do what it does. Malicious software attacks other software. But while we’re working harder than ever on software security, we already have a huge problem.
This video, produced by Invincea (whose software Cigital helped to secure), gently introduces some of my views on the malicious code problem.