Cloud // Cloud Storage
News
12/15/2010
04:26 PM
Alison Diana
Alison Diana
Slideshows
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Top 10 Security Stories Of 2010

As smartphones and tablets complement and battle with notebooks and PCs as routes to the connected world, as corporate users and consumers turn to both traditional Web sites and newer social networking sites to communicate, share ideas, trade business concepts, and shop, corporate IT professionals and the government organizations overseeing the nation's cybersecurity are all-too aware they must do more. And they must do it fast. Recognizing this, the federal government hopes to create a new wave
Previous
6 of 10
Next


Responsible disclosure continues to generate debate, as security and compliance professionals ponder their obligation to notify vendors, the public, or both. The topic came to a boiling point in June when Google security engineer Tavis Ormandy told Microsoft he had discovered a security vulnerability in Windows XP; Microsoft acknowledged receipt of the report. Five days later, Ormandy posted details of the vulnerability and proof-of-concept code to the Full Disclosure list, a move he made due to the severity of the vulnerability, he said. "But five days notice for Microsoft to fix the problem hardly seems like a reasonable amount of time to me," said Graham Cluley, senior technology consultant at Sophos, in a company blog.

In July, Google asked the computer security community to reconsider the meaning of responsible disclosure and to adopt a more rigorous approach in order to respond more quickly to vulnerabilities. "We've seen an increase in vendors invoking the principles of 'responsible' disclosure to delay fixing vulnerabilities indefinitely, sometimes for years; in that timeframe, these flaws are often rediscovered and used by rogue parties using the same tools and methodologies used by ethical researchers," the Google security team said.

SEE ALSO:

Microsoft Challenged By Security Researchers

Google Seeks Redefinition Of 'Responsible Disclosure'

Adobe Acknowledges Active Flash Exploit

Google Sued Over Past Toolbar Troubles

Comodo Warns Of VeriSign SSL Vulnerability

Previous
6 of 10
Next
Comment  | 
Print  | 
More Insights
Google in the Enterprise Survey
Google in the Enterprise Survey
There's no doubt Google has made headway into businesses: Just 28 percent discourage or ban use of its productivity ­products, and 69 percent cite Google Apps' good or excellent ­mobility. But progress could still stall: 59 percent of nonusers ­distrust the security of Google's cloud. Its data privacy is an open question, and 37 percent worry about integration.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.