Software (In) Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Applications
Commentary
8/19/2005
09:50 AM
Patricia Keefe
Patricia Keefe
Commentary
50%
50%

Software (In) Security

"Danger, Will Robinson! Danger!" That ought to be the first thing every user hears upon breaking the seal on a new application or hitting the "download now" button. Given the rate at which new apps and operating system updates are being cracked, hacked, and infested, perhaps the software industry should adopt as its mascot, the zealously protective, but often useless Robot from the mid-'60s sci-fi classic series, "Lost In S

"Danger, Will Robinson! Danger!" That ought to be the first thing every user hears upon breaking the seal on a new application or hitting the "download now" button. Given the rate at which new apps and operating system updates are being cracked, hacked, and infested, perhaps the software industry should adopt as its mascot, the zealously protective, but often useless Robot from the mid-'60s sci-fi classic series, "Lost In Space."Even a casual viewer of network news knows we seem to be reaching an epidemic state of broken, vulnerable and patched-to-pieces software. We can't send attachments to each other any more -- even if our company's firewall will accept it, we daren't open it half the time. And you can kiss the fun of E-greeting cards goodbye. We have become increasingly leary of shopping online, so much so that another recent survey found that more than four-fifths of the 8,000 consumers surveyed reported feeling threatened or extremely threatened by online fraud and identity theft. This fear is allegedly influencing consumer decisions about where to shop, bank, and invest online.

Moreover, we're also finding ourselves devoting more and more time -- at work and at home -- to monitoring vendor and security Web sites for reports of more problems, and the fixes that follow. And you can't take your eye off the ball then because patches and fixes are just as likely to be corrupted or to break other applications or parts thereof, as they are to fix the initial problem.

In short, it's getting harder and harder to just log on and compute, so to speak.

I am not a programmer, and I am not a developer, so it's not like I can offer up a technical solution. (Though it seems fair to say that neither can the people who're building these applications.) Even so, the constant stream of hacking incidents, patches, and re-patches has to leave you to wonder -- I know I do -- whether application development is going to be able to keep pace with the growing skills of the hacker community.

I don't know if there are different programming techniques that could be tried or better languages that should be deployed. Or maybe it's more that security efforts will have to simply abandon the application level and push out to the firewalls and other technical barriers being erected around the corporate fortress and home PCs. I don't know what the solution is. But it does seem that unless something changes, we're just going to see more and more of these patches until what -- applications start running into other external problems traceable back to what ever fixed the internal breach? Until it becomes routine for entire networks to be brought down for a couple of hours at a time? Til we scurry back to the safety, if snail pace, of sneaker net? Then where is your computer-generated productivity? Until the consumers of software lose patience -- or faith -- in the purveyors of these programs?

With automated, often useless support, and minimal access to one-on-one assistance, we can't afford to leave users exposed to these weaknesses. Applications need to be more secure than they are now. The fixes to these vulnerabilities had better work the first time. Something has to give. I just don't know what it will be.

But on the opposite end of this issue -- the courtroom, I do know that the sentences we're seeing handed down for various computer crimes are ridiculous. Too many exceptions are being made -- be it for the age of the defendant or as in one recent case, for being "cooperative," but not providing any substantive help to the prosecution.

We need to slam the prison door shut on the perpetrators while we figure out how to slam the digital door shut on breaches in the first place. Which brings me back to my original premise, laid out in a May 27th blog entry, Security Is The New Cold War, which is that it's going to take a whole lot of communal effort from a whole lot of angles to keep up with, never mind combat, or even defeat, computer criminals. We're already too far behind.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
News
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
Slideshows
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
Slideshows
Flash Poll