06:14 AM
Connect Directly

Does The Press Make Too Much Of Security Warnings?

By publishing a blizzard of security bulletins and patches, are we providing useful information for users, or are just being pawns in a public-relations war between Microsoft and its competitors?

"No news is good news" is a saying that Microsoft probably has pinned to its front door. It seems that not a day goes by that some security advisory firm or other announces that a new vulnerability has been found in a Microsoft product. Until recently, that is. In the last few weeks, Firefox and Mozilla have -- not surprisingly -- become the focus of attention as well.

To tell you the truth, whenever I read another article that lists the latest flaws in a piece of popular software, I'm of two minds. On the one hand, I'm very glad that, if there was a weakness that could be exploited by malware, it was discovered by an analyst -- and, by extension, the software manufacturer -- before somebody with unpleasant intentions made use of it. If the good guys get there first, the vulnerability will presumably be fixed, and we'll all be safer.

However, there is a niggling voice in the back of my head that speculates about how serious many of these flaws are -- and how much good is done by trumpeting their existence every time another one is discovered. Are we being given important information -- or just becoming part of a public relations war between Microsoft, its competitors, and a small cadre of analysts? (Of course, as soon as that voice makes itself heard, the first one starts to yell, "Are you nuts? Of course we want to know about any flaws in our software! How else can we make sure that the manufacturers will fix their mistakes?" Things can get very interesting inside my head.)

I'm also starting to wonder if, like the Department of Homeland Security, we shouldn't simply start offering colors as indicators of how many threats have been announced in any week, and how severe they were. For example, Yellow can mean a few minor back door cracks were caught and easily handled; Orange can mean that six unpatched vulnerabilities were found in Windows XP Service Pack 2; and Red could mean that Bill Gates was seen surreptitiously buying a Mac mini.

Anyway, here are some of the more recent announcements, in case you're keeping track:

Security Firm Finds More Firefox/ Mozilla Bugs

Mozilla, Firefox Open To Attack

Firefox Patch Fixes Vulnerabilities

Microsoft Patches 'Blue Screen Of Death' In Windows XP SP2

Follow Up
The ever-interesting Mitch Wagner, who, among his other roles, edits the Security Pipeline, has expanded on this subject by asking Are Security Vendors Playing The Press For Chumps? You should definitely check it out.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A UBM Tech Radio episode on the changing economics of Flash storage used in data tiering -- sponsored by Dell.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.