[ISN] The future of security

From: InfoSec News (isn@private)
Date: Wed Dec 31 2003 - 01:11:32 PST


    http://www.computerworld.com/securitytopics/security/story/0,10801,88646,00.html
    
    By Scott Berinato
    DECEMBER 30, 2003 
    CIO MAGAZINE
    
    Scenario One 
    
    After the Storm, Reform 
    
    There's no need to imagine a worst-case scenario for Internet security 
    in the year 2010. The worst-case scenario is unfolding right now. 
    
    Based on conservative projections, we'll discover about 100,000 new 
    software vulnerabilities in 2010 alone, or one new bug every five 
    minutes of every hour of every day. The number of security incidents 
    worldwide will swell to about 400,000 a year, or 8,000 per workweek. 
    
    Windows will approach 100 million lines of code, and the average PC, 
    while it may cost $99, will contain nearly 200 million lines of code. 
    And within that code, 2 million bugs. 
    
    By 2010, we'll have added another half-a-billion users to the 
    Internet. A few of them will be bad guys, and they'll be able to pick 
    and choose which of those 2 million bugs they feel like exploiting. 
    
    In other words, today's sloppiness will become tomorrow's chaos. 
    
    The good news is that we probably won't get to that point. Most 
    experts are optimistic about the future security of the Internet and 
    software. Between now and 2010, they say, vulnerabilities will flatten 
    or decline, and so will security breaches. They believe software 
    applications will get simpler and smaller, or at least they won't 
    bloat the way they do now. And they think experience will provide a 
    better handle on keeping the growing number of bad guys out of our 
    collective business. Some even suggest that by 2010, a software Martin 
    Luther will appear to nail 95 Theses--perhaps in the form of a 
    class-action lawsuit--to a door in Redmond, kicking off a full-blown 
    security reformation. 
    
    The bad news is that this confidence, this notion of an industrywide 
    smartening up, is based on the assumption that there will be a 
    security incident of such mind-boggling scope and profoundly 
    disturbing consequence--the so-called digital Pearl Harbor--that 
    conducting business as usual will become inconceivable. 
    
    
    [...]
    
    
    
    


