Cybersecurity czar gets tough on responsibility

President Bush's chief cybersecurity adviser yesterday expanded the administration's concept of corporate responsibility, warning the IT industry that it is no longer acceptable to sell glitch-riddled software, and urged users to stop buying software that they know isn't secure.

"Every day in this country there are companies suffering from damages and losses" that are the result of poorly engineered software, said Richard Clarke, chairman of the President's Critical Infrastructure Protection Board. "The quality control obviously isn't there," he said, speaking at the annual Black Hat computer security conference.

Clarke's comments were met with thunderous applause from a crowd of more than 1,500 hackers and IT security experts attending this year's convention, the largest in its six-year history. As the country reels from a series of corporate corruption cases, Clarke called for the beginning of a new dialogue in the IT sector focused on corporate responsibility and transparency with respect to IT security.

Problems with software quality and security go beyond the failure of systems administrators to routinely update their systems with new patches, Clarke said. The patches themselves often have glitches that cause "unforeseen consequences" for companies when they install them, he said. As a result, many companies fall behind in patch deployment because they must first test the patches to see what additional problems they might cause.

"Rather than reject Bill Gates' statement that he's going to make security job No. 1, I welcome it," said Clarke. "And I'm going to hold him to it," he said, adding that other major software vendors should step forward with similar pledges.

Harris Miller, president of the Information Technology Association of America in Arlington, Va., said IT vendors have been moving aggressively on "baking in" rather than "painting on" security for a long time. However, "we are never going to have perfect software, any more than we have perfect buildings or perfect cars or perfect airplanes or any perfect products designed and built by humans," Miller said. "What is necessary is for consumers to understand that upgrades and patches will continue, just as cars get recalled to fix problems in the original vehicle."

But Clarke aimed his message at both sides of the supply and demand equation, particularly in the wireless access market. "Why is it that companies have sold [wireless] products that they know are not secure?" he said. "And why is it that companies have bought them? We all ought to shut them off until the technology gets better."

Although Clarke blamed the government to a certain extent for allowing security awareness to flounder, he also blamed telecommunications companies, Internet service providers and cable companies for offering broadband connections with little or no mention of the inherent security vulnerabilities in such connections.

Tens of millions of people hook up to the Internet via a broadband connection, such as a cable modem, but only one service provider currently warns customers of the risks involved and the need for a firewall to protect their sensitive data, said Clarke.

"[Broadband companies] want to make it cheap for people to become vulnerable to be hacked," said Clarke. "It's like selling a car without a seat belt." He urged ISPs to offer security options as part of a standard or premium subscription package.

"I think we have to play the role of Paul Revere in waking people up," said Clarke. "I don't think we can rely on the software companies to find their own vulnerabilities."

But the government may soon be doing more than playing Paul Revere. As Clarke prepares to release on Sept. 18 the National Plan for Protecting Cyberspace, he also may expand to all federal agencies a new U.S. Department of Defence policy that requires all new IT purchases to be made from a list of independently certified product lines. "The government buys a lot of software," said Clarke, referring to the US$20 billion budgeted for IT during the next three years. "That will create a market force that will drive security."
