Information Security News mailing list archives
Experts Debate Who's Responsible For Internet Security
From: InfoSec News <isn () C4I ORG>
Date: Wed, 14 Jun 2000 13:46:21 -0500
http://www.crn.com/dailies/digest/breakingnews.asp?ArticleID=17498 By Marcia Savage Computer Reseller News San Francisco 2:27 PM EST Wed., June 14, 2000 When a group of security experts debated the question of who is responsible for Internet security, the possibilities ranged from software vendors to everyone. The panel discussion, held here on Tuesday in conjunction with NetSec2000, was sponsored by Palo Alto, Calif.-based Recourse Technologies Inc. and Sunnyvale, Calif.-based SonicWall Inc. "Vendors, I would point the finger at them," said Eugene Schultz, trusted security advisor and research director at Global Integrity Corp., a security-services firm based in Reston, Va. "They give us [garbage] from a security standpoint." Software vendors should provide more built-in security with their products and also do more quality assurance on their code, Schultz said. "We tolerate vendor products that are faulty from a security standpoint," said Schultz. Others on the panel, however, placed the burden of security on a broader scope. Individual users, corporate managers and the industry as a whole all have a role in securing the Internet, they said. "Responsibility comes down to each individual," said Keith Lowry, director of security investigations and auditing, Pilot Network Services Inc., Alameda, Calif. We are going through a "quantum leap" in technology, and it is "impossible for someone to have a perfect product," Lowry said. Security is a process, and perfection is not attainable, Lowry said. He noted that his company experiences millions of attempts to violate its security policies every month. Meanwhile, Steve Kwan, director of professional services, Ignyte Technology Inc., a security solution provider based in Santa Clara, Calif., said software functionality and security do not go hand in hand. The market also pushes vendors to release product quickly, he said. User education is key and ignorance of basic security practices is no excuse, Kwan said. "There definitely needs to be awareness," said Kwan. ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Experts Debate Who's Responsible For Internet Security InfoSec News (Jun 15)