January 2nd, 2008

2008: The security wishlist

Posted by Larry Dignan @ 2:03 am

Categories: Apple, Data theft, Hackers, Patch Watch, Punditocracy, Uncategorized

Tags: Software, Hewlett-Packard Co., Apple QuickTime, IBM Corp., Data Breach, Digital Music, Digital Media, Security, Personal Technology, Consumer Electronics

There’s no sense in making predictions in the security space. There will be more creative attacks, and vulnerabilities will multiply at a rapid clip. Meanwhile, unsuspecting (or just plain stupid) users will enable hackers. All of those items are a given. But we can outline a few items that sure would be nice to have.

Here’s my wish list for 2008:

A new QuickTime. Let’s face it: QuickTime is a sieve when it comes to security. Meanwhile, QuickTime is everywhere. Add it up and Apple has two choices: keep patching QuickTime in an effort to keep up with flaws, or rebuild QuickTime. Instead of patching QuickTime repeatedly, Apple should launch a do-over. New features? Who cares? Just make QuickTime secure.

Take Web 2.0 security seriously. Shared APIs are great. Social networking features are wonderful. There’s a lot to like about Web 2.0. But as these technologies make their way to the enterprise, these composite Web apps will have to become more secure. IBM is pondering the policy implications for so-called Enterprise 2.0. You should too.

End the monoculture. Every IT shop out there should incorporate one word into its strategy: Diversify. In an effort to cut costs, find one throat to choke, and simplify infrastructure, technology managers are using fewer vendors (Microsoft, Oracle, SAP). What happens if this core software is hacked? The problem with monoculture is most evident with Windows. Diversify your operating systems. Sprinkle in Linux and Apple OS X along with Windows. Are the maintenance requirements more complicated? Possibly. But there are security benefits to be had.

Real penalties for data breaches. 2007 was the year of the data breach, and TJX was among the headliners. TJX took a nice-sized financial hit, but Wall Street largely gave the company a pass. Same-store sales also held up, so it’s not like customers fled the retailer. This scenario plays out repeatedly. The current state of affairs has to change. I hate to say it, but regulation may be the answer because executives just don’t take protecting consumer data seriously, unless there’s a breach, of course. The costs associated with data breaches are on the rise, but not by enough to change behavior.

PC makers focus on security vulnerabilities in software updates and crapware. HP has been taking its lumps over flaws in its Software Update feature embedded on laptops. Memo to Dell: Get ready, you’re next. Hackers will increasingly target hardware makers, which bundle in more and more software to automate customer support and gain slotting fees from software companies.

Larry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet sister site TechRepublic.

