Buggy Software is Your Fault, Too
Hackers’ preferred method of breaking into businesses these days is exploiting flaws in Web browsers, word-processing documents and other software. The reason these applications are vulnerable to attack: No one wants the responsibility for making sure this software is secure.
The man pointing the finger at, well, everybody is Howard Schmidt, a security consultant who used to be the top-ranking cyber-security official in George W. Bush’s Whitehouse. Schmidt spoke to the Business Technology Blog while waiting in line to get the software on his iPhone upgraded - although he called us on his BlackBerry.
The problem, according to Schmidt, is that the people who oversee software development focus on finishing projects on time and under budget. It’s not that security is incompatible with coding cheaply and fast, but it does make development a little more complicated, because programmers can’t take many of the shortcuts they’re used to. Schmidt says that writing software with security in mind from the outset is the tech equivalent of building a house without flammable materials.
But it’s one thing for a business to insist that software developed internally is done so with security in mind. It’s another to make sure that the software it purchases is vulnerability-free. That’s where businesses - and individuals - have really dropped the ball. “A lot of people think that it’s someone else’s job,” Schmidt tells us. The result is that no one ever checks most software for flaws.
Making sure that software is secure from the ground up will become increasingly important as people store more information and install more software on mobile devices like the iPhone Schmidt was waiting to upgrade. Schmidt offers this reminder: Just because a piece of software was distributed through Apple’s App Store, don’t assume that it is vulnerability free.
-Ben Worthen
Technorati Tags: free, web, business, software, technology, blog