BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Closing the Door on Hackers – from the New York Times

Post by Marc Maiffret April 5, 2013

I recently had the pleasure of contributing an Op-Ed piece to The New York Times. In the article, I talk about some of the aspects of cyber-security that I think are far too-often left out of mainstream media discussions. Specifically, the shared burden that all of us in the technology industry should feel in helping educate and produce more secure software. This is not a trivial challenge, but something that is equally important for users at large to understand and think about just as often as they think about the next hyped up hacker group or China attack.

From IT administrators to software developers and more, the challenges faced in security are always evolving and it can be tiring to keep running this race. To those businesses that employ such people who strive every day to help build a more secure company, embrace those employees, rather than think of them as an annoyance or burden. Keep staying educated, keep raising the bar in a meaningful way beyond yet another signature update, and most importantly, don’t forget that as serious as some of the stakes are in security, don’t take it all so seriously, or your servers may never get out alive.

You can find the full article here –  http://www.nytimes.com/2013/04/05/opinion/closing-the-door-on-hackers.html?_r=0

 

NYT logo

Tags:
, , , ,

Leave a Reply

One Response to “Closing the Door on Hackers – from the New York Times”

  1. John

    It’s not news that the nature of hacking has changed. While hacking used to be the subject of movies, typically involving young kids, those kids have evolved. And they have made a choice to either work for good or for bad. Mr. Maiffret is an example of one who has chosen the good and has probably found it to be lucrative. I know of others that choose to do good without any personal benefit. Anonymous is an example of an organization that works for good or for bad, depending on a person’s perspective. If I were to be a victim, then I would clearly think badly of Anonymous. But when I see Anonymous challenging an “unfriendly”, even a nation state, then it’s a good thing. With recent events, some might even view Anonymous as being on par with nation states and conducting cyber warfare. But this is not the focus of the article.
    It seems Mr. Maiffret’s intent was to point out that there are vulnerabilities in software and there have been some champions who have tried and done well to reduce the vulnerabilities. Nevertheless, the problem persists. Companies and individuals that purchase software are apparently not doing their homework before making a purchase. If they did, investment and the free market might be effective means of driving the development of secure software. As it stands, it seems software is often pushed out the door with little concern for security.
    At the heart of the problem are the developers. Those that build insecure products either lack the pride or motivation to develop secure software or they are lacking an awareness of the need or the ability to address the need. Companies that push out software products should enlighten and motivate developers to incorporate security in their products. This is the challenge, albeit a small one, to companies. It would be a win-win- win situation where the developer, the company, and the purchaser all come out on top.

    April 10, 2013 2:18:36, Reply

Additional articles

smart rules manager for vulnerabilities - v2

A New Way of Looking at Vulnerabilities in Your Environment

Assets, users, vulnerabilities and exploits; all are common themes in my posts on BeyondInsight. With BeyondInsight v5.1, we unveiled a new way to view exploitable assets. Sure, most vulnerability management solutions link vulnerability data to exploit information, allowing tools like NeXpose and QualysGuard to list an asset, its vulnerabilities, and any related exploits. BeyondInsight does…

Post by Morey Haber April 23, 2014
Tags:
, , , , ,
smart rules manager for vulnerabilities

Staying on Top of the Latest Vulnerabilities with BeyondInsight v5.1

It’s no secret that dozens of new OS and application vulnerabilities are revealed every day. Staying on top of these new exposures normally requires paying for services or subscribing to multiple RSS feeds. BeyondInsight 5.1 provides customers with another option: a built-in, customizable vulnerability alerting system that delivers up-to-date information on the latest vulnerabilities in…

Post by Morey Haber April 21, 2014
Tags:
, , , , , ,
BI-Qualys-Connector-IMG1

Getting More Value from QualysGuard Vulnerability Data with BeyondInsight v5.1

If your vulnerability assessment scans can’t produce meaningful and actionable reports, performing a scan does no good for anyone. If you’ve read my other blog posts, you know I have no qualms about stating that BeyondTrust provides the best vulnerability reporting in the industry. Ask your favorite analyst and they’ll tend to agree. Of course,…

Post by Morey Haber April 18, 2014
Tags:
, , , , , , , ,