Avecto Reduces Risk of Dangerous Coding Errors and Enables Least Privilege

Avecto Ltd, the leader in Windows privilege management for corporate desktops, today announced its support for a recent publication by CWE/SANS on the 25 most dangerous programming errors and how to fix them. "The top 25 list educates developers on the common coding errors that lead to serious software vulnerabilities, which should be eradicated from software before it is shipped to customers" said Mark Austin, CTO at Avecto.

The challenge for many organizations is that many of the applications that contain these coding errors are critical to the business, but are no longer being maintained by the vendor. Some of the errors in the list relate to organizational behavior and policy; for example, 'CWE-250: Execution with Unnecessary Privileges', which can result in an all too common scenario, where an application will only function correctly under an admin account.

"Legacy or badly written applications often require elevated privileges, resulting in organizations giving their users a privileged account in order to run these applications. Implementing Avecto Privilege Guard enables organizations to elevate the privileges of a problem application, while allowing users to log on to their computers under standard user accounts" said Austin. "Although this should not be seen as a substitute for coding an application to use the correct privileges in the first place, it significantly reduces an organization's exposure to running their users under privileged accounts, where re-coding a legacy application is simply not a viable option".

Even when an application requires a privileged account for a legitimate purpose, Privilege Guard can be used to assign these privileges to the application and not the user. This ensures that a user or application cannot inadvertently abuse a privileged account, as privileges will only be assigned to the applications that require them, and are governed by policy settings defined by the IT department.

For a list of all 25 errors, please visit http://cwe.mitre.org/top25/#CWE-250