Does The Press Make Too Much Of Security Warnings?
By publishing a blizzard of security bulletins and patches, are we providing useful information for users, or are just being pawns in a public-relations war between Microsoft and its competitors?
"No news is good news" is a saying that Microsoft probably has pinned to its front door. It seems that not a day goes by that some security advisory firm or other announces that a new vulnerability has been found in a Microsoft product. Until recently, that is. In the last few weeks, Firefox and Mozilla have -- not surprisingly -- become the focus of attention as well.
To tell you the truth, whenever I read another article that lists the latest flaws in a piece of popular software, I'm of two minds. On the one hand, I'm very glad that, if there was a weakness that could be exploited by malware, it was discovered by an analyst -- and, by extension, the software manufacturer -- before somebody with unpleasant intentions made use of it. If the good guys get there first, the vulnerability will presumably be fixed, and we'll all be safer.
However, there is a niggling voice in the back of my head that speculates about how serious many of these flaws are -- and how much good is done by trumpeting their existence every time another one is discovered. Are we being given important information -- or just becoming part of a public relations war between Microsoft, its competitors, and a small cadre of analysts? (Of course, as soon as that voice makes itself heard, the first one starts to yell, "Are you nuts? Of course we want to know about any flaws in our software! How else can we make sure that the manufacturers will fix their mistakes?" Things can get very interesting inside my head.)
I'm also starting to wonder if, like the Department of Homeland Security, we shouldn't simply start offering colors as indicators of how many threats have been announced in any week, and how severe they were. For example, Yellow can mean a few minor back door cracks were caught and easily handled; Orange can mean that six unpatched vulnerabilities were found in Windows XP Service Pack 2; and Red could mean that Bill Gates was seen surreptitiously buying a Mac mini.
Anyway, here are some of the more recent announcements, in case you're keeping track:
The Business of Going DigitalDigital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.