Posted on Tue, Feb 17, 2009 @ 06:56 AM
With increasing frequency, Internet-based attacks are targeting specific applications. The need for security in application development has been discussed/debated for years, and as a result a new breed of security vendors (Veracode, Core Security, etc.) was born to combat these activities.
But how is the academic world responding to this need? I am a firm believer that if sound security practices are taught consistently over a period of time (high school and beyond), then minimally, when a developer gets to the "real world," they will at least be aware of how to incorporate secure coding principles into their work.
When I was in college our goal was to make the program work. How it worked was secondary (although certain structures/procedures were required). But at no point was security actively discussed or incorporated into any project we were assigned. This was a little over 10 years ago so I'm wondering how it has changed since then.
By incorporating security into the mindset early on I believe applications can be developed that will reduce the risk of them being successfully attacked.
Posted on Mon, Feb 09, 2009 @ 06:30 AM
Year 2009 holds promise...Barack Obama has taken office and he supports spending billions of dollars to increase the use of technology in the medical records (and other) areas; Green IT is getting bigger, expanding beyond desktops and monitors into data centers; virtualization promises to significantly reduce the physical number of systems we need; and so on.
But all is not butterflies and roses. We also have to deal with a bad economy, shrinking budgets and layoffs.
As we say goodbye to 2008 there is no shortage of predictions for 2009--and the computer security industry is no different. Practically every trade/industry magazine will have an article/opinion or perspectives piece written by experts or through an interview with a staff writer. Some will be far off, but generally speaking, these prognosticators are fairly accurate. However, I think some of their predictions, like "more advanced viruses will show up" are common sense.
What I would like to hear are the predictions from those of you in the trenches. Given what you have read on your own, or heard from management, what are your predictions for IT security in 2009?
Posted on Mon, Feb 02, 2009 @ 06:30 AM
Will Apple's transition to x86 hardware mean that Mac users will now face the security issues that have long affected Windows users? I believe it will. Apple has thus far remained fairly safe mostly due to the combination of:
- Small Market: Macs have a small, but growing, market share (traditionally Macs have had highest concentration in the graphic arts industry)
- Limited Use: Macs normally aren’t used in situations that hackers tend to target
But with a growing market, and the switch to Intel hardware, Macs are bringing a lot more attention to their share of the market. Some argue that it’s not the hardware that matters, it’s the OS for which it’s written, which is a valid argument. But in this case the promise of a faster, more versatile Mac will help further propel its popularity outside its traditional user base (home and graphic design) and carve out larger shares of other markets. So it's only a matter of time before deft hackers adapt to OS X--they just need a reason.
Security companies have the opportunity to be proactive, to an extent, about the threat to the new breed of Macs. But will they take the opportunity with so little to gain at the moment?