In software security, there's a depressing but indisputable truth: No matter what you do or how much money you spend making code more resilient, fortifying the network or electro-shocking developers who write bad code, you can't get rid of all the security bugs. Not only is it impossible to make 100 percent secure software; it's not cost-effective. If we accept that bad things are going to happen, we can take simple steps throughout the development life cycle to weave a software safety net that limits the damage and pain of the inevitable, uncaught vulnerabilities that resist our best efforts at prevention.
Stories by Herbert H. Thompson
Terms seem to change meaning so often in IT. It used to be that outsourcing conjured up images of Bangalore. For many firms, outsourcing now is synonymous with software-as-a-service from companies such as Salesforce.com, Intuit and ADP, which will -- for a healthy fee -- help an organization trim the fat off its business processes. While software-as-a-service may work miracles for your bottom line, surrendering control of a business process to a partner doesn't mean you also jettison the risk of your data being exposed. In fact, you probably increase the risk.