Software Insecurity is Our Biggest Weakness

By Dennis Fisher
Threat Post
May 12, 2010

ST. PAUL, MINN. -- If the United States wants to remain competitive in 
the global economy and prevent widespread penetrations of its strategic, 
corporate and commercial networks, enterprises and government agencies 
should stop relying on commercial software and go back to writing more 
of their own custom code, a security expert said Tuesday.

Speaking at the Secure360 Conference here, Marcus Ranum, CSO of Tenable 
Network Security, said that the country's reliance on commercial 
off-the-shelf software has made us more susceptible to attack, not to 
mention less innovative and creative. While dismissing the current 
fascination with cyberwar as hype, Ranum said the reality is that 
foreign governments and intelligence agencies are doing their best to 
penetrate our government and commercial networks every day, just as the 
U.S. government is working to compromise foreign networks.

That reality means that poorly written and deployed software is a major 
problem, he said.

"If we're going to maintain our place in the world, software is not a 
strategic problem, it is the strategic problem going forward," Ranum 
said. "Covert penetration becomes something that you think about on a 
five, 10 or 20-year scale. If you look at the problem of doing a 
significant penetration, it's not something you can do immediately."

Using the federal government as an example, Ranum pointed out that many, 
if not most, of the internal software development groups that used to 
exist in federal agencies are now largely gone. In their place now is an 
army of contractors doing much the same job, but with a couple of 
important differences. Because the internal development teams no longer 
exist, the contractors are reporting to program managers instead of 
managers who were developers themselves.
