SAFECode Forum - The first? Right focus? Losing focus?
October 27th, 2007 Drazen Drazic Posted in Applications, Bad Developers, Bad Stuff, Dumb Security, Research, Risk Management, cyber crime
EMC Corporation, Juniper Networks, SAP, Microsoft and Symantec have formed a new consortium whose goal, as reported at TechNewsWorld, is to “… help reduce IT vulnerabilities, improve resistance to attack, and protect supply chain integrity”.
Is it just me who read this and thought: yeah… let’s see how many people remember the name SAFECode Forum in 12 months’ time? Hey, good luck to them. I hope that they do achieve their goals, but is this really the first of these things we have seen, as they promote it being?
The question has to be asked: have these companies admitted that they cannot, today and in the future, deliver more secure products on their own?
Am I drawing a long bow with that statement? Moreover, does this impact upon programs/resources internal to these organisations now hopefully focussed upon developing more secure products? i.e., will focus be less internal and more diverted to planning, talking about and hopefully one day doing something of substance within the bounds of this consortium?
While the talk goes on, highly skilled individuals and teams work on negating the efforts of such groups, remaining one step ahead.
The old paradigm shift cliche raises its head again. What we need is new thinking, new directions, new approaches that sit outside the norm of patchwork fixes for poorly developed systems from the outset, sitting on 30-year-old, inherently insecure networking protocols. Until then, IT security researchers will continue to be very “busy”. (Side Note: Donal in his blog Ockham’s Razor devotes most of his posts to thinking outside the square, so to speak. Well worth a wander through the latest posts and especially some of the stuff in the archives.)
Innovation on the Web and desktop, though, continues… not thinking about security (to adequate levels) nor waiting for it to catch up.
But are we all jumping ahead of ourselves here and forgetting the biggest problem in Information Security today? i.e., a general apathy towards good IT Security practices by business, government and individuals… practices that could make a big difference now! (There’s enough of my thoughts in the archives here that cover my thoughts on this so I won’t make this a longer post by re-iterating them. Here’s a start: http://beastorbuddha.com/category/dumb-security/).
You can’t really say the battle is lost when one side doesn’t turn up to fight.

October 28th, 2007 at 12:40 pm
Kudos for props. I keep focusing on this post for some reason ‘Pull up those bre[e|a]ches…’ a look at the Past, Present and Future.
April 2nd, 2008 at 10:51 pm
[...] have the barrel and the fish are in it and I am about to shoot…..Yes, we predicted this. So what is new? Okay…here’s a few free hits to the site to make them feel good: [...]
June 28th, 2008 at 10:12 pm
[...] had SAFECode announced last year and now comes ICASI, (Industry Consortium for Advancement of Security on the [...]