Re: Year After 9/11, Cyberspace Door Is Still Ajar

From: Charles Hixson (charleshixsn@earthlink.net)
Date: Mon Sep 09 2002 - 15:52:17 MDT


Harvey Newstrom wrote:

> ...
> That is not particularly surprising in tight economic times, when most
> information technology spending has focused on incremental
> improvements to current systems, said Art Coviello, the chief
> executive of RSA Data Security, a computer network security company in
> Bedford, Mass. At a conference of chief information officers early
> this year, Mr. Coviello recalled, executives listed the top three
> priorities in 2002 as "cut costs, cut costs and cut costs."
> ...
> Since then, he said, software companies have grown far more serious
> about plugging the kinds of vulnerabilities that Nimda exploited.
> Microsoft, for example, shut down its software development efforts for
> nearly two months in a $100 million effort to analyze Windows software
> for bugs and to train its engineers in "trustworthy computing" techniques.
> Other major software makers have announced similar efforts to make
> security "not an add-on, but a central thought" in software design,
> Mr. Clarke said. Industries that did not pay much heed to
> cybersecurity before — Mr. Clarke cited power companies as an example
> — have "really begun taking security seriously," with widespread use
> of encryption to shield data from prying eyes and authentication
> systems to ensure that only authorized people have access to critical
> system controls.
> ...
> --
> Harvey Newstrom, CISSP <www.HarveyNewstrom.com>
> Principal Security Consultant <www.Newstaff.com>
>
But can anyone who uses MS for a critical safety function be trusted?
They are trusting in the honor and integrity of MS, and it has
repeatedly proved that it doesn't have any. As far as I can tell (I
can't, but neither can anyone else) the main effort that MS put into
software this last year was in new and creative licensing restrictions.

As for what to use for a secure system ... FreeBSD has a pretty good
record. And the price is hard to beat. Linux is pretty good, if you
need a more user-friendly face on your software. And neither of them
will break your budget. So economy isn't a reason to skimp on security.
I think it's more to do with "lazy thinking". If you stick with what
you know, you don't need to learn anything new. And you can always
blame someone else if things go wrong.

-- 
-- Charles Hixson
Gnu software that is free,
The best is yet to be.


This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:16:53 MST