U.S. rolls out plan to protect business websites

By Lolita C. Baldor Associated Press WASHINGTON (AP) -- Businesses facing a growing threat of cyberattacks against their websites will now have more tools to protect themselves and harden their Internet sites against hackers. The Homeland Security Department will help small companies and nonprofit groups avoid programming problems that allow hackers to get into the businesses' websites. The government's latest cybersecurity effort follows a series of high-profile hacking attacks against corporate and federal websites, including one that recently shut down the CIA's site for several hours. The new program was developed with the Mitre Corp. and is an effort to shore up known weaknesses in programming that give hackers a backdoor into websites. The effort began well before the recent website attacks. It includes a list of top 25 technical software problems that hackers exploit and sets up a way to rank software so that customers can see whether it meets necessary standards. Right now, when owners of small businesses buy software or hire a firm to build a website, it is difficult to know whether the programs are secure or not, said Alan Paller, director of research at SANS Institute, a computer-security organization. He said the information, which has been compiled on a special website that the public can view, will tell people what to look for in setting up a secure website and how to judge potential programming errors. It also sets up a scorecard, so that companies looking for a firm to set up a website can check their security score. The effort is aimed at the more than 1 million computer programmers and other high-tech professionals who write code, build websites and develop software. It lays out known software weaknesses and how to fix them. ---------- Online: DHS/Mitre Corp.: http://cwe.mitre.org/ Published: Wed, Jun 29, 2011