Does The Press Make Too Much Of Security Warnings? - InformationWeek
06:14 AM

Does The Press Make Too Much Of Security Warnings?

By publishing a blizzard of security bulletins and patches, are we providing useful information for users, or are just being pawns in a public-relations war between Microsoft and its competitors?

"No news is good news" is a saying that Microsoft probably has pinned to its front door. It seems that not a day goes by that some security advisory firm or other announces that a new vulnerability has been found in a Microsoft product. Until recently, that is. In the last few weeks, Firefox and Mozilla have -- not surprisingly -- become the focus of attention as well.

To tell you the truth, whenever I read another article that lists the latest flaws in a piece of popular software, I'm of two minds. On the one hand, I'm very glad that, if there was a weakness that could be exploited by malware, it was discovered by an analyst -- and, by extension, the software manufacturer -- before somebody with unpleasant intentions made use of it. If the good guys get there first, the vulnerability will presumably be fixed, and we'll all be safer.

However, there is a niggling voice in the back of my head that speculates about how serious many of these flaws are -- and how much good is done by trumpeting their existence every time another one is discovered. Are we being given important information -- or just becoming part of a public relations war between Microsoft, its competitors, and a small cadre of analysts? (Of course, as soon as that voice makes itself heard, the first one starts to yell, "Are you nuts? Of course we want to know about any flaws in our software! How else can we make sure that the manufacturers will fix their mistakes?" Things can get very interesting inside my head.)

I'm also starting to wonder if, like the Department of Homeland Security, we shouldn't simply start offering colors as indicators of how many threats have been announced in any week, and how severe they were. For example, Yellow can mean a few minor back door cracks were caught and easily handled; Orange can mean that six unpatched vulnerabilities were found in Windows XP Service Pack 2; and Red could mean that Bill Gates was seen surreptitiously buying a Mac mini.

Anyway, here are some of the more recent announcements, in case you're keeping track:

Security Firm Finds More Firefox/ Mozilla Bugs

Mozilla, Firefox Open To Attack

Firefox Patch Fixes Vulnerabilities

Microsoft Patches 'Blue Screen Of Death' In Windows XP SP2

Follow Up
The ever-interesting Mitch Wagner, who, among his other roles, edits the Security Pipeline, has expanded on this subject by asking Are Security Vendors Playing The Press For Chumps? You should definitely check it out.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll