http://threatpost.com/en_us/blogs/software-insecurity-our-biggest-weakness-051210

By Dennis Fisher
Threat Post
May 12, 2010

ST. PAUL, MINN. -- If the United States wants to remain competitive in the global economy and prevent widespread penetrations of its strategic, corporate and commercial networks, enterprises and government agencies should stop relying on commercial software and go back to writing more of their own custom code, a security expert said Tuesday.

Speaking at the Secure360 Conference here, Marcus Ranum, CSO of Tenable Network Security, said that the country's reliance on commercial off-the-shelf software has made us more susceptible to attack, not to mention less innovative and creative.

While dismissing the current fascination with cyberwar as hype, Ranum said the reality is that foreign governments and intelligence agencies are doing their best to penetrate our government and commercial networks every day, just as the U.S. government is working to compromise foreign networks. That reality means that poorly written and deployed software is a major problem, he said.

"If we're going to maintain our place in the world, software is not a strategic problem, it is the strategic problem going forward," Ranum said. "Covert penetration becomes something that you think about on a five, 10 or 20-year scale. If you look at the problem of doing a significant penetration, it's not something you can do immediately."

Using the federal government as an example, Ranum pointed out that many, if not most, of the internal software development groups that used to exist in federal agencies are now largely gone. In their place now is an army of contractors doing much the same job, but with a couple of important differences. Because the internal development teams no longer exist, the contractors are reporting to program managers instead of managers who were developers themselves.

[...]

Received on Wed May 12 2010 - 22:16:11 PDT