Bio

  • David Rice is an internationally recognized information security professional and an accomplished educator and visionary. For a decade he has advised, counseled, and defended global IT networks for government and private industry.

    David has been awarded by the U.S. Department of Defense for “significant contributions” advancing security of critical national infrastructure and global networks. Additionally, David has authored numerous IT security courses and publications, teaches for the prestigious SANS Institute, and has served as adjunct faculty at James Madison University. He is a frequent speaker at information security conferences and currently Director of The Monterey Group.

The views and opinions expressed are those of the author and do not reflect the official policy, position, or recommendations of the author's affiliations, partners, employers, or clients.

March 19, 2008

Insanity: 75% of Security Breaches Due to Flaws in Software

CSO Magazine ran this article on March 8, 2008:

Insanity - Doing the Same Thing Over and Over Again Expecting a Different Result

To quote:

A Gartner study indicates that 75% of security breaches are due to flaws in software... Do you think we would see a significant decrease in the number of data breaches and records stolen if we shifted our spend to actually writing proper code and protecting data at the source instead of at the edge? I think it is time we gained a few IQ percentage points and stopped the insanity.

I would tend to argue, unequivocally, yes. Absolutely yes. Our perverse and dysfunctional relationship with software, particularly insecure software, is not only insane, but outright madness. Those who have read my blog and Geekonomics know my mantra:

Insecure software sends an unmistakable message of disorder into the environment of cyber space. Small elements of disorder (like software vulnerabilities) invite greater elements of disorder, even cyber crime.

Cyber crime, in part, preys on the weaknesses software manufacturers themselves fail to detect before releasing/publishing the application into the global stream of commerce. To change the story of software, and thus the story of cyber crime, software manufacturers need different incentives to improve the quality and security of software.

Stop the rising trend of vulnerabilities, and thus the insanity, at its source. To do so is painful, difficult, complicated, and troublesome. Human endeavors of any significance are like this. I would argue History has taught us that much, at least.
