Ensuring Your Own Application Security
Don’t Give Up, Don’t Ever Give Up
Asked if he was more optimistic now about security than he was four years ago, when Melissa first hit, Rich Pethia says flatly, "No."
That’s an unsurprising response from the director of the CERT Coordination Center, which is charged with disseminating early notice of serious vulnerabilities. CERT has logged over 182,000 security incidents in 14 years, 82,084 of them in 2002. From 1995 to 2002, CERT mapped 9,162 vulnerabilities, nearly half of them last year.
So you’d expect Pethia, who has briefed President George W. Bush on such matters, to be gloomy. Still, Pethia thought for a minute and then revised his stance.
"Actually, I am a little more optimistic," he says. "There’s far more awareness. The economy is terrible, so people can’t afford insecure applications. After 9/11, there’s a national sense of what these vulnerabilities mean. We’re starting to put numbers on the problem and use risk assessment tools. That means insurance will soon get in the game, which is always a big step for security."
Combine these factors, Pethia says, and there’s a breath of hope. In fact, he’s convinced that one more ingredient will validate his optimism: proactive CIOs who demand better software.
So what exactly are you waiting for?