Buy Cheap Software - Discount Software Blog - Le Minh Duc
7 lý do nên khởi nghiệp ngay bây giờ
Blog
Thursday, 12 March 2009

Phần lớn các cuộc suy thoái trong lịch sử thường diễn ra trong vòng 10 tháng, sau đó là quá trình phục hồi và phát triển mạnh kéo dài 50 tháng. Nếu kinh tế thế giới tuân theo quy luật này, bây giờ là thời điểm vàng để các doanh nhân trẻ nhập cuộc.

Có 7 lý do giải thích tại sao bạn nên bắt đầu gia nhập thương trường ngay bây giờ.

1. Mọi thứ đang rẻ hơn trước rất nhiều

Chi phí đất đai, trang thiết bị cho tới mặt bằng thương mại, nhân công đang ở mức thấp, một điều kiện lý tưởng cho các thương vụ làm ăn. Gia nhập thị trường bất động sản cũng như thị trường tài chính lúc này cũng rất thích hợp bởi giá các loại tài sản đều giảm mạnh. Với lĩnh vực liên quan tới máy móc công nghiệp và xây dựng, đây cũng là thời điểm lý tưởng. Nhiều người đã phải chờ đợi hàng năm cho tới lúc giá cả thị trường về mức hợp lý để nhập cuộc và thời điểm đó đã tới.

2. Dễ dàng lựa chọn nhân sự trình độ cao hơn

Khi mà những tập đoàn khổng lồ như Microsoft phải tiết kiệm chi phí nhân công, đây là cơ hội để bạn chọn lựa nguồn nhân lực trình độ cao với mức lương hợp lý. Vào lúc bạn chuẩn bị thành lập doanh nghiệp, thật tuyệt khi có vô vàn kỹ sư công nghệ trình độ cao đang chờ được tuyển dụng. Nhiều kế toán viên và luật sư cũng đang tìm kiếm cơ hội mới. Họ sẽ giúp doanh nghiệp của bạn khởi động với nền tảng tốt và chi phí hợp lý.

3. Nhiều cơ hội giành hợp đồng

Trong bối cảnh doanh nghiệp quan tâm nhiều hơn tới chi phí đầu vào, mọi thứ đều được đặt lên bàn để cân nhắc. Tuy nhiên, ngay cả khi chào giá cao hơn một chút, bạn vẫn có cơ hội thắng cuộc, nếu sản phẩm đưa ra có chất lượng tốt hơn hẳn. Bạn cũng có nhiều cơ hội giành hợp đồng bởi trong lúc khó khăn, các doanh nghiệp thường mong muốn tìm kiếm đối tác mới với cách thức làm ăn khác biệt, hiệu quả và sáng tạo hơn.

4. Được ưu đãi thuế

Có thể bạn không để ý nhiều về chuyện thuế má khi bàn kế hoạch khởi nghiệp. Nhưng các ưu đãi về thuế cho doanh nghiệp trong bối cảnh kinh tế sa sút rất đáng lưu tâm và nên được bổ sung vào danh sách những lợi ích dành cho chủ doanh nghiệp.

5. Có cơ hội huy động vốn từ người thân

Trong bối cảnh thị trường chứng khoán và bất động sản đóng băng, nhiều người trong gia đình và bạn bè của bạn không muốn đầu tư tiền vào lĩnh vực này nữa. Đây sẽ là cơ hội nếu bạn muốn được họ hỗ trợ về tài chính cho các dự án mới hay cho kế hoạch mở rộng kinh doanh. Là chỗ quen biết, lại hiểu rõ bạn, họ sẽ không ngại ngần nếu chuyện kinh doanh của bạn thuận buồm xuôi gió.

6. Dễ quảng bá hình ảnh doanh nghiệp

Báo chí rất thích những gì khác thường. Trong khi tất cả mọi người bi quan về tình hình kinh tế, còn bạn lạc quan tiến vào thương trường, bạn sẽ trở thành tâm điểm chú ý. Như vậy, bạn có cơ hội PR về doanh nghiệp của mình một cách hiệu quả mà không tốn kém đồng nào, bởi bạn là người dám đi ngược xu thế.

7. Nếu vừa mất việc, không có lựa chọn nào tốt hơn là tự kinh doanh

Đôi khi quyết định kinh doanh tốt nhất thường nảy sinh khi bạn rơi vào bước đường cùng. Sẽ chẳng có gì bất ổn nếu bạn quyết định lập doanh nghiệp sau khi nhận thông báo nghỉ việc. Lúc trắng tay, cũng là khi bạn có nhiều động lực để kiếm tiền càng nhanh càng tốt.

Be first to comment this article

 
CWE/SANS TOP 25 Most Dangerous Programming Errors
Blog
Wednesday, 14 January 2009

Experts Announce Agreement on the 25 Most Dangerous Programming Errors - And How to Fix Them
Agreement Will Change How Organizations Buy Software.

PDF PDF For Printing

What Errors Are Included in the Top 25?

The Top 25 Errors are listed below in three categories:

  • Category: Insecure Interaction Between Components (9 errors)
  • Category: Risky Resource Management (9 errors)
  • Category: Porous Defenses (7 errors)

Clicking "MORE" in any of the listings takes you to the relevant spot in the MITRE CWE site where you will find the following:

  • links to the full CWE entry data,
  • data fields for weakness prevalence and consequences,
  • remediation cost,
  • ease of detection,
  • attack frequency and attacker awareness
  • related CWE entries
  • related patterns of attack for this weakness.

Each entry at the Top 25 Errors site also includes fairly extensive prevention and remediation steps that developers can take to mitigate or eliminate the weakness.

CATEGORY: Insecure Interaction Between Components

CWE-20: Improper Input Validation

It's the number one killer of healthy software, so you're just asking for trouble if you don't ensure that your input conforms to expectations...MORE >>

CWE-116: Improper Encoding or Escaping of Output

Computers have a strange habit of doing what you say, not what you mean. Insufficient output encoding is the often-ignored sibling to poor input validation, but it is at the root of most injection-based attacks, which are all the rage these days...MORE >>

CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')

If attackers can influence the SQL that you use to communicate with your database, then they can...MORE >>

CWE-79: Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')

Cross-site scripting (XSS) is one of the most prevalent, obstinate, and dangerous vulnerabilities in web applications...If you're not careful, attackers can...MORE >>

CWE-78: Failure to Preserve OS Command Structure (aka 'OS Command Injection')

When you invoke another program on the operating system, but you allow untrusted inputs to be fed into the command string that you generate for executing the program, then you are inviting attackers...MORE >>

CWE-319: Cleartext Transmission of Sensitive Information

If your software sends sensitive information across a network, such as private data or authentication credentials, that information crosses many...MORE >>

CWE-352: Cross-Site Request Forgery (CSRF)

With cross-site request forgery, the attacker gets the victim to activate a request that goes to your site. Thanks to scripting and the way the web works in general, the victim...MORE >>

CWE-362: Race Condition

Attackers will consciously look to exploit race conditions to cause chaos or get your application to cough up something valuable...MORE >>

CWE-209: Error Message Information Leak

If you use chatty error messages, then they could disclose secrets to any attacker who dares to misuse your software. The secrets could cover a wide range of valuable data...MORE >>

CATEGORY: Risky Resource Management

CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer

Buffer overflows are Mother Nature's little reminder of that law of physics that says if you try to put more stuff into a container than it can hold, you're...MORE >>

CWE-642: External Control of Critical State Data

There are many ways to store user state data without the overhead of a database. Unfortunately, if you store that data in a place where an attacker can...MORE >>

CWE-73: External Control of File Name or Path

When you use an outsider's input while constructing a filename, you're taking a chance. If you're not careful, an attacker could... MORE >>

CWE-426: Untrusted Search Path

If a resource search path is under attacker control, then the attacker can modify it to point to resources of the attacker's choosing. This causes the software to access the wrong resources at the wrong time...MORE >>

CWE-94: Failure to Control Generation of Code (aka 'Code Injection')

For ease of development, sometimes you can't beat using a couple lines of code to employ lots of functionality. It's even cooler when...MORE >>

CWE-494: Download of Code Without Integrity Check

You don't need to be a guru to realize that if you download code and execute it, you're trusting that the source of that code isn't malicious. But attackers can perform all sorts of tricks...MORE >>

CWE-404: Improper Resource Shutdown or Release

When your precious system resources have reached their end-of-life, you need to...MORE >>

CWE-665: Improper Initialization

Just as you should start your day with a healthy breakfast, proper initialization helps to ensure...MORE >>

CWE-682: Incorrect Calculation

When attackers have some control over the inputs that are used in numeric calculations, this weakness can lead to vulnerabilities. It could cause you to make incorrect security decisions. It might cause you to...MORE >>

CATEGORY: Porous Defenses

CWE-285: Improper Access Control (Authorization)

If you don't ensure that your software's users are only doing what they're allowed to, then attackers will try to exploit your improper authorization and...MORE >>

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

You may be tempted to develop your own encryption scheme in the hopes of making it difficult for attackers to crack. This kind of grow-your-own cryptography is a welcome sight to attackers...MORE >>

CWE-259: Hard-Coded Password

Hard-coding a secret account and password into your software's authentication module is...MORE >>

CWE-732: Insecure Permission Assignment for Critical Resource

If you have critical programs, data stores, or configuration files with permissions that make your resources accessible to the world - well, that's just what they'll become...MORE >>

CWE-330: Use of Insufficiently Random Values

If you use security features that require good randomness, but you don't provide it, then you'll have attackers laughing all the way to the bank...MORE >>

CWE-250: Execution with Unnecessary Privileges

Spider Man, the well-known comic superhero, lives by the motto "With great power comes great responsibility." Your software may need special privileges to perform certain operations, but wielding those privileges longer than necessary can be extremely risky...MORE >>

CWE-602: Client-Side Enforcement of Server-Side Security

Remember that underneath that fancy GUI, it's just code. Attackers can reverse engineer your client and write their own custom clients that leave out certain inconvenient features like all those pesky security controls...MORE >>

How Will the Top 25 Errors Be Used?

The Top 25 Errors will have four major impacts:

  • Software buyers will be able to buy much safer software.
  • Programmers will have tools that consistently measure the security of the software they are writing.
  • Colleges will be able to teach secure coding more confidently.
  • Employers will be able to ensure they have programmers who can write more secure code.
First, software buyers will be able to buy much safer software.

Buyers will require that software vendors certify in writing that the code they are delivering is free of these 25 programming errors. Certification shifts responsibility to the vendor for correcting the errors and for any damage caused by those errors. The standard procurement language under development by the State of New York and other state governments already is being adjusted to use the Top 25 Errors. Over time the multi-national Common Criteria program may also adopt the Top 25 as one approach for ensuring code purchased by the US government is free of the Top 25 errors.

Second, programmers will have tools that consistently measure the security of the software they are writing.

Software testing tools will use the Top 25 in their evaluations and provide scores for the level of secure coding in software being tested. In parallel with this announcement, on January 12, one of the leading software testing vendors is announcing that its software will be able to test for and report on the presence of a large fraction of the Top 25 Errors. Application development teams will use such testing software during the development process.

Colleges will be able to teach secure coding more confidently.

Colleges and others who prepare programmers will use the Top 25 Errors as a foundation for curriculum that ensures their students know how to avoid the critical programming errors. One of the colleges that participated in developing the Top 25, UC Davis, has already established a secure coding clinic where student-written software is reviewed for the key programming errors that lead to critical security vulnerabilities. The Top 25 enables the clinic to prioritize errors in its review. Other colleges are beginning to emulate the secure coding clinics.

Employers will be able to ensure they have programmers who can write more secure code.

Employers will use the Top 25 Errors list as a guide for evaluating and improving skills of programmers they hire and of outsourced programming talent. More than 100 large employers are already using a common assessment tool called the GSSP (GIAC Secure Software Programmer) to measure secure coding skills. The GSSP exams are being reviewed in an effort to fully incorporate and highlight mastery of programming knowledge needed to find and eliminate or avoid the Top 25. More data on the GSSP may be found at http://www.sans-ssi.org/ and organizations with at least 500 programmers may have up to 100 of those programmers? secure coding skills assessed confidentially and at no cost. Email This e-mail address is being protected from spam bots, you need JavaScript enabled to view it to get that started.

Courses are available that teach secure coding skills to programmers in C/C++, in Java, and in .NET languages. Information at http://www.sans-ssi.org/courses/

Resources to Help Eliminate The Top 25 Errors

The TOP 25 Errors List will be updated regularly and will be posted at both the SANS and MITRE sites
www.sans.org/top25
cwe.mitre.org/top25/

MITRE maintains the CWE (Common Weakness Enumeration) web site, with the support of the US Department of Homeland Security's National Cyber Security Division, presenting detailed descriptions of the top 25 programming errors along with authoritative guidance for mitigating and avoiding them. That site also contains data on more than 700 additional programming errors, design errors and architecture errors that can lead to exploitable vulnerabilities. cwe.mitre.org/

SANS maintains a series of assessments of secure coding skills in three languages along with certification exams that allow programmers to determine gaps in their knowledge of secure coding and allows buyers to ensure outsourced programmers have sufficient programming skills. Organizations with more than 500 programmers can assess the secure coding skills of up to 100 programmers at no cost.
Email This e-mail address is being protected from spam bots, you need JavaScript enabled to view it for details
And see www.sans-ssi.org/certification/ for the GSSP Blueprints

SAFECode - The Software Assurance Forum for Excellence in Code (members include EMC, Juniper, Microsoft, Nokia, SAP and Symantec) has produced two excellent publications outlining industry best practices for software assurance and providing practical advice for implementing proven methods for secure software development.
http://www.safecode.org/publications/SAFECode_BestPractices0208.pdf http://www.safecode.org/publications/SAFECode_Dev_Practices1108.pdf

Nearly a dozen software companies offer automated tools that test programs for these errors. SANS maintains case studies of user experience with these and other security tools at www.sans.org/whatworks.

New York State has produced draft procurement standards to allow companies to buy software with security baked in.

Draft New York State procurement language will be posted at www.sans.org/appseccontract.


Be first to comment this article

 
Wonderful iPhone!
Blog
Sunday, 04 November 2007

I just got an iPhone! It is an fascinating gift from my boss to everyone in our team!


I have to admit that iPhone really redefined my phone concept... It is a phone, an iPod and a mobile computer where developers are free from traditional mobile limitations to do almost everything!

Above all, it is truly a fashion, carrying Apple's philosophy of beauty: every single detail in this state of the art shows great care to customers.

Well, guess who was the first one called me on this phone? Surprisingly, it’s Google …

Comments (1)

 
HAPPY BIRTHDAY :">
Blog
Thursday, 27 September 2007
It might neither your first love, nor your last one.
But I wish I can make it as long as I live and as long as you like.

*****
On this special day...the first time I confided my love to you
Have a sweet dream with my whispering "I love you"...yes..."I love you"
It might neither be your first love, yet your... last one :">
Still I wish every moment with you could be rewinded forever...

                                                           Your love,

Be first to comment this article

 
<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>

Results 1 - 4 of 39
Beautiful Scenery