
Friday, March 19, 2004

Opinion: Size doesn't matter, content does

Opinion: In a departure from columnist solidarity - just what was the point of Kelly Martin's article The 12K Bomb, published over at SecurityFocus? Kelly Martin is the content editor for SecurityFocus and should know better. The idea that a large, and some think bloated, piece of code like XP is more vulnerable than ... er, well, something slightly smaller is neither true nor meaningful. XP is vulnerable, so is *NIX, and so are many applications and operating systems, large and small. It's not their size but the way they are built, by fallible human beings, that creates the opportunities for malicious code to take advantage of.
Martin's article did not offer any new insights into the problem, did not highlight anything positive that's being done within the industry to alleviate the issues, and did not point to any meaningful tests or standards that the industry is trying to adopt to give users the wherewithal to make informed judgments as to what's safe, secure and reputable and what's not.
In fact, the only contribution to the debate I can determine is that we now know that KM is on the side of the Anti-Microsoft lobby. Oh, and that he's probably got some kind of psychological problem, since his questionable analogy of the average virus writer involved young boys in their underpants, and the fact that he's obsessed by size.
Another writer and columnist for SecurityFocus, Tim Mullen, has an altogether more rational approach and a more useful set of comments to make, and better analogies too. In his article published earlier this week, Where to Turn?, he finishes up saying, "I know everyone has something they are trying to sell, but when the end result is confusing the customer, we need to rethink the way we market our products, and the way information in general is being dispensed." It's a pity that his colleague didn't take his advice.
Related Links
SecurityFocus home
Common Criteria for IT Security Evaluation
BorderWare Firewall Server the only firewall approved with both EAL4+ EAL5 vulnerability analysis
BS7799 Information security management. Code of practice for information security management

posted by Robert Campbell 6:17 PM

