- +
Ticked Off at Tick the Box Mentality 04/02/2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Delivering the Power of Choice with Microsoft Dynamics CRM
CRM your salespeople will love
Email Archiving 101—Customer Case Study
Email Archiving Technical Overview
Revolutionising Back-up and Recovery
How to Beef Up Your Sales Pipeline
Mimosa™ NearPoint™ for Microsoft® Exchange Server: Email Archiving 101
Best Practice in Building an Integrated Information Management Strategy
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
Over at the Open Sources blog, Savio Rodrigues calls attention to two critical security vulnerabilities in the Spring Framework for Java. They were discovered by security consultancy Ounce Labs, which disclosed the exploits in a detailed report. If you use Spring for critical business applications, you'll definitely want to be aware of the threats and take appropriate measures.
While awareness of security is always important, however, not everyone agrees that vocal public disclosure of vulnerabilities, as Ounce Labs and the Spring developers have done, is the right approach. For example, when working on the Linux kernel, Linus Torvalds prefers to keep security-related chatter to a minimum.
"I personally consider security bugs to be just 'normal bugs,'" Torvalds writes on the Linux kernel development mailing list. "I don't cover them up, but I also don't have any reason whatsoever to think it's a good idea to track them and announce them as something special." If nothing else, he says, doing so only gives would-be attackers an advantage when developing their exploits.
This is a perennial debate, and one that's likely to go on indefinitely. We should note, however, that it is by no means limited to software development. Security is a constant concern throughout the world -- not merely in other aspects of human society, but in the animal kingdom, as well. In an interview with New Scientist magazine, marine biologist Raphael Sagarin proposes that humans can gain a lot of insight into how to best address security issues by studying animal models.
"You can look at virtually any question about security through a biological lens," Sagarin says. "You look at what the most successful organisms do to solve their security problems, and then you try to use that."
Like organisms in nature, businesses want to be successful. One generally accepted means of getting ahead in business is to mediate risk wherever possible. That's what companies are doing when they subscribe to security alerts about their software: By staying informed about the latest vulnerabilities, they hope to minimize the risk that they will fall victim to unknown exploits.
"But organisms inherently understand that there is risk in life," Sagarin says. "The idea that we can eliminate these risks would be selected against quickly in the natural world, since any organism that tried to do so would not have enough resources left for reproduction, or feeding itself."
Apparently, Torvalds agrees -- quite explicitly. "I think the OpenBSD crowd is ," he says by way of example, "in that they make such a big deal about concentrating on security to the point where they pretty much admit that nothing else matters to them."
Torvalds' jibes against rival operating systems aside, he makes a good point. According to Sagarin, humans are easily tempted to pay too much attention to specific threat signals, regardless of the overall level of danger. We sometimes call such signals "crying wolf" -- a phrase that undoubtedly hits home for marmot populations in the wild.
Computerworld Member Login
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
F-Secure achieves excellent results in Internet security suite comparison 2008-10-10 14:37:00+10
M2M Connectivity announces the new Sierra Wireless MC8792V embedded module for 900 MHz 3G/HSPA networks 2008-10-10 08:51:00+10
Pitney Bowes MapInfo Launches New Version of AnySite 2008-10-10 05:58:00+10
IOGEAR Gears Up in Australia 2008-10-09 20:18:00+10
Internet Service Providers offer new unlimited Online Backup from F-Secure 2008-10-09 19:42:00+10
Wireless LANs: Is my enterprise at risk?
Achieve an overall understanding of the risks associated with wireless LANs. Discover their inherent properties, as well as what makes them different from wired networks. Read on to uncover a list of recently published articles on real-life breaches and incidents illustrating the need for proactive measures to mitigate wireless security risks.
