Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Experts Debate Who's Responsible For Internet Security

From: InfoSec News <isn () C4I ORG>
Date: Wed, 14 Jun 2000 13:46:21 -0500
http://www.crn.com/dailies/digest/breakingnews.asp?ArticleID=17498

By Marcia Savage
Computer Reseller News
San Francisco
2:27 PM EST Wed., June 14, 2000

When a group of security experts debated the question of who is
responsible for Internet security, the possibilities ranged from
software vendors to everyone.

The panel discussion, held here on Tuesday in conjunction with
NetSec2000, was sponsored by Palo Alto, Calif.-based Recourse
Technologies Inc. and Sunnyvale, Calif.-based SonicWall Inc.

"Vendors, I would point the finger at them," said Eugene Schultz,
trusted security advisor and research director at Global Integrity
Corp., a security-services firm based in Reston, Va. "They give us
[garbage] from a security standpoint."

Software vendors should provide more built-in security with their
products and also do more quality assurance on their code, Schultz
said.

"We tolerate vendor products that are faulty from a security
standpoint," said Schultz.

Others on the panel, however, placed the burden of security on a
broader scope. Individual users, corporate managers and the industry
as a whole all have a role in securing the Internet, they said.

"Responsibility comes down to each individual," said Keith Lowry,
director of security investigations and auditing, Pilot Network
Services Inc., Alameda, Calif.

We are going through a "quantum leap" in technology, and it is
"impossible for someone to have a perfect product," Lowry said.

Security is a process, and perfection is not attainable, Lowry said.
He noted that his company experiences millions of attempts to violate
its security policies every month.

Meanwhile, Steve Kwan, director of professional services, Ignyte
Technology Inc., a security solution provider based in Santa Clara,
Calif., said software functionality and security do not go hand in
hand. The market also pushes vendors to release product quickly, he
said.

User education is key and ignorance of basic security practices is no
excuse, Kwan said.

"There definitely needs to be awareness," said Kwan.

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: