"5 big security mistakes you're probably making"
March 13, 2012 By Roger A. Grimes | InfoWorld
A Comment...
Mr. Grimes often speaks of patching. In the world of Microsoft and other proprietary software, I know of little other choice as a first line of defense. That's a big reason I took back my computers from Microsoft, et al. a few years ago.
Most businesses can't do that since they've decided they like commercial software companies running their business. They no longer maintain the in-house expertise to have secure systems.
Commercial, proprietary, closed-source software can never be secure.
What about the military, NSA, etc. which have some of the most secure systems in existence? Those are all developed in-house or by contractors to exacting specifications (That's why they cost so much). Those institutions have the source code to everything mission-critical they run and they isolate what little commercial software they have.
There have been so many Windows patches that I doubt anyone but Microsoft has a count. But think about this... Every one of those flaws was either present from the initial release or introduced by a previous patch!
Thus, the vast majority of vulnerabilities over the lifetime of any program will always be uncorrected. And the number of person-hours spent looking for vulnerabilities to exploit dwarfs the person-hours that Microsoft or any other company can afford to devote to patching.
How can we have reasonably secure systems then?
The only way I know of is open-source software.
Here's an analogy... Most theft occurs at night, when the lights are off and the thief can't be seen. The first line of defense for a storefront is to leave lights on when the store is closed so police and everyone else can see inside.
Closed-sourcing hides the software's errors from everyone but those with the skill and motivation to exploit them.
Companies will never have secure systems till they realize that the United States can never compete with developing countries on price. Trying to by outsourcing and using commercial software has been short-sighted.
When they take back control of their computer systems -- the engine their entire business depends on -- they will once again be able to compete the only way a country with our standard of living can... with innovation.
Labels: bug, contracting, linux, microsoft, open source, security