The Security Industry Is Failing Miserably At Fixing Underlying Dangers

Posted by Soulskill
from the closing-the-barn-door dept.
cgriffin21 writes: The security industry is adding layers of defensive technologies to protect systems rather than addressing the most substantial, underlying problems that sustain a sprawling cybercrime syndicate, according to an industry luminary who painted a bleak picture of the future of information security at a conference of hundreds of incident responders in Boston Tuesday. Eugene Spafford, a noted computer security expert and professor of computer science at Purdue University, said software makers continue to churn out products riddled with vulnerabilities, creating an incessant patching cycle for IT administrators that siphons resources from more critical areas.
  • by jellomizer (103300) on Wednesday June 25, 2014 @03:27PM (#47318399)

    Well, companies can do much more to improve on that front though.
    1. Architect the product, not just build it. All too often the focus is on meeting business objectives and security is added later. A product that was well thought out and designed handles security as part of the core design as well as the business objectives.

    2. No back door: design the program so the programmers can't get in without having rights to do so. The password DB should only be managed by the computer, and humans shouldn't be able to figure it out.

    3. Infrastructure planning. The website shouldn't also be the database server. The database should only allow access from select sources, and give permissions that are appropriate to the user.

    4. Plan for failure. Figure that if someone breaks into the system, you need a way to minimize the impact. Make sure the salts for your hashes are hard to find, etc...
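Points 2 and 4 of the comment above, as an added example that is not the commenter's code: the application stores only a random per-user salt, a work factor and a slow derived key, so no operator reading the table can recover a password, and a breach of the table still costs an attacker a full brute force per user. The iteration count is an assumed value to be tuned to your own hardware, and PBKDF2-HMAC-SHA256 is used because it ships in the Python standard library.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Work factor for PBKDF2-HMAC-SHA256. Assumed value: measure on your own
# hardware and raise it until a single verification takes a noticeable fraction
# of a second.
ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Dict[str, object]:
    """Return the record the application stores for one user.

    The record holds a fresh random salt, the iteration count used, and the
    derived key. None of these lets a human reconstruct the password, which is
    the point of 'the password DB should only be managed by the computer'.
    """
    if salt is None:
        salt = os.urandom(16)  # 128-bit random salt, generated per user, never reused
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": derived.hex()}


def verify_password(password: str, record: Dict[str, object]) -> bool:
    """Recompute the derived key from the stored salt and parameters and
    compare it in constant time, so timing does not leak how many bytes matched."""
    salt = bytes.fromhex(str(record["salt"]))
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                  int(record["iterations"]))
    return hmac.compare_digest(derived.hex(), str(record["hash"]))


def salts_defeat_precomputation(password: str, iterations: int = ITERATIONS) -> bool:
    """Illustrates the 'plan for failure' point: the same password hashed twice
    yields two different records, so a leaked table cannot be attacked with one
    precomputed dictionary shared across all users."""
    first = hash_password(password, iterations=iterations)
    second = hash_password(password, iterations=iterations)
    return first["hash"] != second["hash"] and first["salt"] != second["salt"]


if __name__ == "__main__":
    # Constructed sample: a registration followed by a good and a bad login attempt.
    stored = hash_password("correct horse battery staple")
    print("stored record:", stored)
    print("right password accepted:", verify_password("correct horse battery staple", stored))
    print("wrong password rejected:", not verify_password("tr0ub4dor&3", stored))
    print("per-user salts differ:", salts_defeat_precomputation("correct horse battery staple"))
```

The salt is stored next to the hash on purpose; it is not a secret, its job is uniqueness. What keeps the salt and the table from being useful to an attacker is the per-user work factor, which is why the iteration count is stored with the record so it can be raised for new registrations without breaking older ones.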

  • by sconeu (64226) on Wednesday June 25, 2014 @05:09PM (#47319289) Homepage Journal

    Uh, Gene *IS* an expert. He was one of the first guys to dissect the Morris worm, for example. He's been around from the beginning.

    http://en.wikipedia.org/wiki/Gene_Spafford [wikipedia.org]

    Maybe you should go FIND a fuck to give.
