May 15, 2003 — CIO — This past winter, a worm known as Slammer rattled the Internet violently enough to become what you might call a "CNN-level virus"; that is, it burrowed its way into the national consciousness.
Nearly everything about the SQL Slammer was old. It was an old hack that exploited a year-old vulnerability found in an old target, Microsoft software. There was a patch to block Slammer that was six months old, and that patch suffered from an old patch problem: It was so kludgy to install that the patch needed a patch. Above all, the reaction to Slammer (the call to use the event to build security awareness) was so old it called Bob Hope "kid."
But this much was new: Everyone agreed that Slammer was your fault.
The old game was to blame Microsoft. "Microsoft did not protect its customers," read a letter to The New York Times after the Melissa virus hit in 1999. A year later, after the I Love You virus infected Microsoft Outlook, a Washington Post editorial stated, "This is a software development problem." The Nimda worm (2001), according to Forrester Research, required 625 combinations of patches applied to Microsoft’s Internet Information Server. Nimda, along with its contemporary, the Code Red virus, eventually compelled Microsoft to implement and market Trustworthy Computing, an initiative aimed at helping Microsoft developers learn how to write secure code.
Slammer, though, hasn’t followed the old pattern. A developing consensual wisdom suggests that as woeful as Microsoft’s products may be, CIOs have been equally sloppy. A February poll of more than 200 IT professionals, by antivirus company Sophos, showed that 64 percent of respondents blamed their peers’ lax security practices for Slammer. Only 24 percent blamed Microsoft.
The poll also revealed that only 43 percent of the respondents said they subscribed to Microsoft’s vulnerability mailing list, which provides early alerts of viruses in the wild. Twelve percent said they relied on "mainstream news" (newspapers and TV) to learn about new viruses. Three percent said they "don’t really hear about them at all." And 19 percent said they patched software when they "got around to it."
"I’ve got to look around at my comrades and ask, Why aren’t you patching your systems?" says Bob Ferderer, vice president of IT internal operations and security at CUNA Mutual Group, the nation’s largest financial service provider for credit unions, with 5,000 employees and $9.3 billion in assets. "There’s a relationship between individuals not taking action and how these things spread out of control."