RE: [ISN] COMDEX: Panel: Accept the Net is vulnerable to attack

From: InfoSec News (isnat_private)
Date: Thu Nov 21 2002 - 07:24:53 PST

    Forwarded from: "Hoodye, Morris" <Morris.Hoodyeat_private>
    
    I would like to take a moment to comment on this article. 
    
    1. This article says vendors don't care about writing secure code. I
    work in the Nonstop Enterprise Division of HP, where we build computer
    systems that are highly reliable and SECURE. The Nonstop system is
    built upon a long history (20+ years) of proven reliability. The HP
    Nonstop systems, previously known as the Tandem Himalaya Nonstop, are
    the most reliable and secure high-end servers in the industry today.
    
    2. We inspect every change and every line of new code for reliability
    and security.
    
    morris
    
    -----Original Message-----
    From: InfoSec News [mailto:isnat_private]
    Sent: Tuesday, November 19, 2002 23:55
    To: isnat_private
    Subject: [ISN] COMDEX: Panel: Accept the Net is vulnerable to attack
    
    
    Forwarded from: William Knowles <wkat_private>
    
    http://www.nwfusion.com/news/2002/1119vulnerable.html
    
    By Nancy Weil
    IDG News Service, 11/19/02
    
    Companies and home Internet users need to accept that the global
    computer network is inherently vulnerable to attacks, worms, trojans
    and anything else miscreants want to unleash on it, and then accept
    that securing the system is everyone's responsibility, a panel of
    security experts said Monday at the Comdex trade show.
    
    Security can't be accomplished through applying patches to vulnerable
    software, panelists agreed, though they varied in how best to make the
    Internet more secure and disagreed sharply in some areas, with Bruce
    Schneier, founder and CTO of Counterpane Internet Security, serving as
    the naysayer - a role he seemed to relish.
    
    "As a scientist, I can tell you that we have no clue how to write
    secure code," Schneier said, prompting agreement from John Weinschenk,
    vice president of the Enterprise Services Group at VeriSign, who said
    the best that can be done is to protect corporate computer systems and
    Web sites so that if there is an attack they aren't taken out for a
    long, costly period.
    
    "I think every software vendor here can do a better job of providing
    more secure software," Gene Hodges, president of Network Associates,
    chimed in. As the discussion went on, though, it was that idea that
    led Schneier into one of his favorite topics - liability.
    
    The panelists were led by moderator Andrew Briney, editor-in-chief of
    Information Security Magazine, into chatting broadly about their views
    on whether there should be more government regulation related to
    securing cyberspace, and as the other panelists talked, Schneier went
    from grinning to smirking to shaking his head. Briney commented that
    Schneier seemed to be disagreeing and asked him which comments he
    found fault with, to which Schneier replied: "Which part should I
    respond to - I don't even know."
    
    Then things got lively.
    
    [...]
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Nov 21 2002 - 10:19:30 PST