The InfoSec Blog

System Integrity: Without Integrity you don’t have Security

February 27th, 2006

“Vendors that don’t understand security, except that it will make them money”

That assertion is the title of this article:

http://www.crn.com/showArticle.jhtml?articleID=180203279

I think they used the wrong tagline!

“Just about everyone is hawking security, secure networks, secure systems, secure applications, secure websites, secure whatever,” … “It is pretty clear that most of them don’t even know what security means, but they do know one thing: Security sells.”

Why does Internet Security Systems CEO Thomas Noonan say this?

“Business enterprises are starving for the solutions that live up to this hype,” he said. “Last year alone, the financial losses resulting from online fraud, theft and business disruption proved unequivocally that trustworthy, self-defending, fearless networks are failing.”

Oh, so he’s targeting Cisco. Well, that’s understandable: one vendor sniping at another, even though his premise and evidence are - dare I say it - statistically evident.

The conclusion - this is a vendor speaking, remember - is foregone.

Best-of-breed technology and security suites are not enough to solve today’s security challenges, Noonan said. The answer is through what ISS is calling security platforms.

So, guys and gals, what do YOU think is the answer?

February 15th, 2006

Gates says security boils down to four focus areas

http://www.networkworld.com/news/2006/021406-gates-keynote-rsa-security.html

However, it’s unclear from the article what those four areas are.

The best quote I can find relating to it is:

Gates then launched into the importance of security going forward and categorized a set of priorities under four headings: trust ecosystem, engineering for security, simplicity, and fundamentally secure platforms.

… but later …

Gates gave very little in the way of new initiatives or ideas at Microsoft for meeting his four broad goals, instead tailoring his remarks around announced features in the upcoming Windows Vista client operating system including smart card support, identity technology called InfoCard, and improvements in the Internet Explorer browser.

so I wonder what substance there is. Later on in the article:

Gates used the demo to highlight his trust ecosystem, one of his four priority areas for improving security. “We have chains of trust,” Gates said. “What we need to do is track those trust relationships, to grab permissions, to revoke those trust relationships, to develop reputation over time.” He said today people live without a trust ecosystem.

I’m not sure I like the idea of “grabbing” permissions. My mother always told me it was rude to grab.

Do you think software and system engineering rates well on

  • trust ecosystem,
  • engineering for security,
  • simplicity,
  • fundamentally secure platforms.

Of those … well, ‘simplicity’, yes, but be careful; there are many naive approaches to that. As for fundamentally secure platforms - hogwash! We do know how to engineer secure and reliable systems from insecure and unreliable components. We’ve been doing it for years in other fields. Perhaps what we really need to do is to overthrow the mystique of computers and treat software like any other engineering discipline. Where is Steve McConnell when you need him?
