
Network World


COMDEX: Panel: Accept the Net is vulnerable to attack

By Nancy Weil, IDG News Service, 11/19/2002

Companies and home Internet users need to accept that the global computer network is inherently vulnerable to attacks, worms, trojans and anything else miscreants want to unleash on it, and then accept that securing the system is everyone's responsibility, a panel of security experts said Monday at the Comdex trade show.

Security can't be accomplished through applying patches to vulnerable software, panelists agreed, though they varied in how best to make the Internet more secure and disagreed sharply in some areas, with Bruce Schneier, founder and CTO of Counterpane Internet Security, serving as the naysayer - a role he seemed to relish.

"As a scientist, I can tell you that we have no clue how to write secure code," Schneier said, prompting agreement from John Weinschenk, vice president of the Enterprise Services Group at VeriSign, who said the best that can be done is to protect corporate computer systems and Web sites so that if there is an attack they aren't taken out for a long, costly period.

"I think every software vendor here can do a better job of providing more secure software," Gene Hodges, president of Network Associates, chimed in. As the discussion went on, though, it was that idea that led Schneier into one of his favorite topics - liability.

The panelists were led by moderator Andrew Briney, editor-in-chief of Information Security Magazine, into chatting broadly about their views on whether there should be more government regulation related to securing cyberspace, and as the other panelists talked, Schneier went from grinning to smirking to shaking his head. Briney commented that Schneier seemed to be disagreeing and asked him which comments he found fault with, to which Schneier replied: "Which part should I respond to - I don't even know."

Then things got lively.

"The reason the software you buy isn't secure is that companies don't care," Schneier said. Software vendors care about profits, and without a sufficient push from concerned users willing to pay more for security features, companies just are not going to slow the production cycle to add those features. Security is not a priority.

Microsoft, with its ballyhooed Trustworthy Computing initiative, drew particular invective. "Microsoft is producing software that is completely insecure," Schneier said, prompting scattered applause from the audience. "The reason is there is no liability for producing a shoddy product." If car makers produced vehicles that did not operate properly, they would be held liable and sued, but the same doesn't happen with software makers, Schneier said.
