Security Basics mailing list archives
Re: A reminder that security is not inherently solvable with technology
From: "Steve" <securityfocus () delahunty com>
Date: Fri, 24 Oct 2003 13:23:36 -0400
Three recent articles (like less than a week old) on this from Network Computing and Information Week both discussed issues with offshore outsourcing and code with mention of security. They don't get very detailed but still interesting reading.

http://www.nwc.com/showitem.jhtml?docid=1421f3
http://www.informationweek.com/story/showArticle.jhtml?articleID=15500032
http://www.informationweek.com/story/showArticle.jhtml?articleID=15306236

Even if you outsource to a US based firm, you still need to check the code delivered for a myriad of reasons not the least of which is security and standards.

----- Original Message -----
From: "Randy Golly" <rcgolly () vermeertexas com>
To: <security-basics () securityfocus com>
Sent: Thursday, October 23, 2003 6:49 PM
Subject: RE: A reminder that security is not inherently solvable with technology

YES! I haven't been a big fan of offshore developers working on sensitive domestic (US) projects. I'm all for globalization of production and taking advantage of the economies of scale that lower cost labor provides, it does benefit consumers and the economies of countries involved. But I do think that the security risks involved with this type of software development or support need to be further addressed and defined.

In this article, many of the people involved had no idea that it was going offshore. That leads me to wonder who does know what is being done in this manner. Do you suppose there is any sensitive govt. work or national security projects being done in Pakistan as in this story? Does anyone really know? What kind of perception do these developers have of the US with the events of the last few years as we tromp around the Mideast? Who else might be getting copies of their work? What is the chance of back-doors being dropped into code to open our systems to potential cyber-terrorists?

I know much has been written about cyber-terrorism since 9/11, and now I'm reading that some are saying that nothing has happened along these lines and it was never a threat, (liberal speak?). But I do think this is a risk that is real and giving them opportunities to get their hands on our systems or our code is an open invitation in my book.

Thanks for the space to ramble...

Randy Golly

-----Original Message-----
From: Kamal Habayeb [mailto:mountainfury () fastmail fm]
Sent: Thursday, October 23, 2003 12:15 PM
To: security-basics () securityfocus com
Subject: Re: A reminder that security is not inherently solvable with technology

JGrimshaw () ASAP com wrote:
http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2003/10/22/MNGCO2FN8G1.DTL
This article was posted on Slashdot today...
Does anyone else see the potential abuse of off shoring jobs that may contain sensitive customer information? As this idea spreads, it could become the "hostage taking" of the new millennium. No longer would one need to kidnap a person in South America and hold them for ransom, it's much easier to obtain a job that gives access to sensitive information and then threaten to publicize the information if not paid. We need to take steps to keep our jobs and our information secure.
Current thread:
- RE: A reminder that security is not inherently solvable with technology Randy Golly (Oct 24)
- Re: A reminder that security is not inherently solvable with technology Steve (Oct 24)
- <Possible follow-ups>
- RE: A reminder that security is not inherently solvable with technology Gene LeDuc (Oct 24)
- RE: A reminder that security is not inherently solvable with technology Hagen, Eric (Oct 24)
- RE: A reminder that security is not inherently solvable with technology Paul O'Malley (Oct 27)
- Re: A reminder that security is not inherently solvable with technology Meritt James (Oct 27)
- RE: A reminder that security is not inherently solvable with technology Paul O'Malley (Oct 27)