• E-mail this page
• |  Print this page
• | 
• | 
• | 

Software (In) Security

Even a casual viewer of network news knows we seem to be reaching an epidemic state of broken, vulnerable and patched-to-pieces software. We can't send attachments to each other any more -- even if our company's firewall will accept it, we daren't open it half the time. And you can kiss the fun of E-greeting cards goodbye. We have become increasingly leary of shopping online, so much so that another recent survey found that more than four-fifths of the 8,000 consumers surveyed reported feeling threatened or extremely threatened by online fraud and identity theft. This fear is allegedly influencing consumer decisions about where to shop, bank, and invest online.

Moreover, we're also finding ourselves devoting more and more time -- at work and at home -- to monitoring vendor and security Web sites for reports of more problems, and the fixes that follow. And you can't take your eye off the ball then because patches and fixes are just as likely to be corrupted or to break other applications or parts thereof, as they are to fix the initial problem.

In short, it's getting harder and harder to just log on and compute, so to speak.

I am not a programmer, and I am not a developer, so it's not like I can offer up a technical solution. (Though it seems fair to say that neither can the people who're building these applications.) Even so, the constant stream of hacking incidents, patches, and re-patches has to leave you to wonder -- I know I do -- whether application development is going to be able to keep pace with the growing skills of the hacker community.

I don't know if there are different programming techniques that could be tried or better languages that should be deployed. Or maybe it's more that security efforts will have to simply abandon the application level and push out to the firewalls and other technical barriers being erected around the corporate fortress and home PCs. I don't know what the solution is. But it does seem that unless something changes, we're just going to see more and more of these patches until what -- applications start running into other external problems traceable back to what ever fixed the internal breach? Until it becomes routine for entire networks to be brought down for a couple of hours at a time? Til we scurry back to the safety, if snail pace, of sneaker net? Then where is your computer-generated productivity? Until the consumers of software lose patience -- or faith -- in the purveyors of these programs?

With automated, often useless support, and minimal access to one-on-one assistance, we can't afford to leave users exposed to these weaknesses. Applications need to be more secure than they are now. The fixes to these vulnerabilities had better work the first time. Something has to give. I just don't know what it will be.

But on the opposite end of this issue -- the courtroom, I do know that the sentences we're seeing handed down for various computer crimes are ridiculous. Too many exceptions are being made -- be it for the age of the defendant or as in one recent case, for being "cooperative," but not providing any substantive help to the prosecution.

We need to slam the prison door shut on the perpetrators while we figure out how to slam the digital door shut on breaches in the first place. Which brings me back to my original premise, laid out in a May 27th blog entry, Security Is The New Cold War, which is that it's going to take a whole lot of communal effort from a whole lot of angles to keep up with, never mind combat, or even defeat, computer criminals. We're already too far behind.

« VC Dollars Redirected To China From United States | Main | Animated Map Of Coalition Deaths Helps Site Visitors Visualize Casualties Of War »