- Insider threat looms large in San Francisco
- Woman fired over death threat
- IT admin pleads not guilty
- Tape storage gets more dense
- Top 10 worst uses for Windows
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
WASHINGTON, D.C. - The debate over whether corporate network executives or their software suppliers should shoulder the burden for improving the nation's cybersecurity is shifting direction as pressure mounts for vendors to ship safer products.
Until now, the software industry has placed most of the responsibility for securing the nation's information infrastructure on customers of their products. IT lobbying groups have issued recommendations for corporate users, while discouraging new regulations for software vendors.
Corporate executives, who find their organizations vulnerable to viruses and other attacks despite spending more of their IT dollars on security, are fed up.
"Until we address some of the software issues - the fundamental flaws in the software we are all using - we are not going to solve the cybersecurity problem," says Marian Hopkins, director of public policy for the Business Roundtable, an association of CEOs of the nation's largest companies.
The Business Roundtable says it will issue a set of guidelines on cybersecurity this month that urges vendors to improve their products.
Software vendors are starting to own up to their responsibilities.
Last week, the industry acknowledged for the first time in a report to the Bush administration that the Department of Homeland Security should examine whether "tailored government action is necessary to increase security across the software development cycle."
| Deep thoughts The National Cyber Security Partnership has issued three reports in recent weeks: |
|||||||
|
The recommendations in the fine print of a report by the National Cyber Security Partnership (NCSP) say the federal government should consider such options as "liability and liability relief, regulation and regulatory reform, tax incentives, enhanced prosecution, research and development, education and other incentives."
The umbrella organization, which includes the leadership of the IT industry's top lobbying groups, including the Business Software Alliance, recommends that the Department of Homeland Security produce a report in 2005 that considers how it would be best for the federal government to take action on cybersecurity while preserving innovation.
The NCSP's other recommendations include: improving the quality of computer security training at universities; developing a software security accreditation program; creating best practices for building security into software design; and adopting guiding principles for patch management.
"Hardware and software vendors are responsible for paying greater attention to secure products," says Marc Jones, chair of the NCSP's enterprise task force and CEO of network software vendor Visionael. "Whenever possible, they should be taking the responsibility off the end user. That's a reasonable request."
However, Jones warns, improving the software development process is not easy. "There are definite efforts to establish best practices for the software vendors . . . but that's not an overnight activity," he says. "And that doesn't mean consumers or businesses will adopt these new products overnight."
Demonstrating the pressure that software vendors feel about cybersecurity issues, Microsoft Chairman and Chief Software Architect Bill Gates sent a letter to corporate customers last week outlining the software giant's progress on improving the security of its operating systems. He cited recent and pending security enhancements to Windows XP Service Pack 2 and Windows Server 2003. He also highlighted what he called "significant'' investments by Microsoft in four areas of security: isolation and resiliency; updating; quality and authentication; and access control.
"Reducing the impact of viruses and worms to an acceptable level requires fundamentally new thinking about software quality, continuous improvement in tools and processes, and ongoing investments in resilient new security technologies designed to block malicious or destructive software code before it can wreak havoc,'' Gates wrote. "It also requires computer users to be proactive about deploying and managing products.''
Rss FeedRss Feed
I finaly beat level 26 six the begining was the biggest problem- Anonymous
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment