Does The Press Make Too Much Of Security Warnings?
By publishing a blizzard of security bulletins and patches, are we providing useful information for users, or are just being pawns in a public-relations war between Microsoft and its competitors?
"No news is good news" is a saying that Microsoft probably has pinned to its front door. It seems that not a day goes by that some security advisory firm or other announces that a new vulnerability has been found in a Microsoft product. Until recently, that is. In the last few weeks, Firefox and Mozilla have -- not surprisingly -- become the focus of attention as well.
To tell you the truth, whenever I read another article that lists the latest flaws in a piece of popular software, I'm of two minds. On the one hand, I'm very glad that, if there was a weakness that could be exploited by malware, it was discovered by an analyst -- and, by extension, the software manufacturer -- before somebody with unpleasant intentions made use of it. If the good guys get there first, the vulnerability will presumably be fixed, and we'll all be safer.
However, there is a niggling voice in the back of my head that speculates about how serious many of these flaws are -- and how much good is done by trumpeting their existence every time another one is discovered. Are we being given important information -- or just becoming part of a public relations war between Microsoft, its competitors, and a small cadre of analysts? (Of course, as soon as that voice makes itself heard, the first one starts to yell, "Are you nuts? Of course we want to know about any flaws in our software! How else can we make sure that the manufacturers will fix their mistakes?" Things can get very interesting inside my head.)
I'm also starting to wonder if, like the Department of Homeland Security, we shouldn't simply start offering colors as indicators of how many threats have been announced in any week, and how severe they were. For example, Yellow can mean a few minor back door cracks were caught and easily handled; Orange can mean that six unpatched vulnerabilities were found in Windows XP Service Pack 2; and Red could mean that Bill Gates was seen surreptitiously buying a Mac mini.
Anyway, here are some of the more recent announcements, in case you're keeping track:
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
Top IT Trends to Watch in Financial ServicesIT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Join us for a roundup of the top stories on InformationWeek.com for the week of September 18, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."