By Dennis Fisher
May 12, 2010

ST. PAUL, MINN. -- If the United States wants to remain competitive in
the global economy and prevent widespread penetrations of its strategic,
corporate and commercial networks, enterprises and government agencies
should stop relying on commercial software and go back to writing more
of their own custom code, a security expert said Tuesday.

Speaking at the Secure360 Conference here, Marcus Ranum, CSO of Tenable
Network Security, said that the country's reliance on commercial
off-the-shelf software has made us more susceptible to attack, not to
mention less innovative and creative. While dismissing the current
fascination with cyberwar as hype, Ranum said the reality is that
foreign governments and intelligence agencies are doing their best to
penetrate our government and commercial networks every day, just as the
U.S. government is working to compromise foreign networks.

That reality means that poorly written and deployed software is a major
problem, he said.

"If we're going to maintain our place in the world, software is not a
strategic problem, it is the strategic problem going forward," Ranum
said. "Covert penetration becomes something that you think about on a
five, 10 or 20-year scale. If you look at the problem of doing a
significant penetration, it's not something you can do immediately."

Using the federal government as an example, Ranum pointed out that many,
if not most, of the internal software development groups that used to
exist in federal agencies are now largely gone. In their place now is an
army of contractors doing much the same job, but with a couple of
important differences. Because the internal development teams no longer
exist, the contractors are reporting to program managers instead of
managers who were developers themselves.