Secure Coding mailing list archives
RE: Re: The biggest thing affecting software security? People, apparently.
From: "Yousef Syed" <ysyed () dial pipex com>
Date: Sun, 03 Jul 2005 20:15:16 +0100
Numerous corporations have induction schemes for new employees. These should be designed to contain a significant portion referring to basic security. If they covered little else than advice on how to use email appropriately, it would be a huge benefit. (e.g. Don't open attachments unless you were expecting it; Don't open/respond to junk mail; Teach them the tell-tale signs that an attachment is a virus). Many corporations have these things in their policy and email usage documents. They just aren't enforced! Partly because many managers are found making the errors in the first place! A change in attitude is required. The best way to do this is to show/publicize the costs involved in when viruses spread through a corporation; or when or if users' credit-card details are compromised. Corporations won't change unless it is made worthwhile to them. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Manko Sent: 30 June 2005 17:04 To: . . Cc: [EMAIL PROTECTED] Subject: [SC-L] Re: The biggest thing affecting software security? People, apparently. The reason there is such a hugh investment in technology is because we can't rely on people for security. No matter how much we try to educate, the general populous disregard the significance of security. In addition, trivial security implementation are met with trivial exploits, something that will do the cracker just fine. . . wrote:
I wouldn't call 66 votes on your website Nick (http://www.mail-archive.com/sc-l%40securecoding.org/msg00758.html), a comprehensive tally. It would be interesting to get a larger audience involved in this type of question though. Regards, - webappsec On 6/29/05, Nick Murison <[EMAIL PROTECTED]> wrote:Hi all, www.threatsandcountermeasures.com just closed their poll on what people thought was the biggest thing affecting software security. The results
were:
People: 80.3% Process: 18.2% Technology: 1.5% Results also available from
www.threatsandcountermeasures.com/PastPolls.aspx.
If this is the case, then why is there such a huge financial investment in security technology? Is the human factor expected to magically improves
once
we've got the "right" technology? For our new poll, Threats and Countermeasures are asking what people consider to be the more secure web application development platform; JSP, PHP, ColdFusion, ASP.NET or old-skool CGI. Best regards, -- Nicholas John Murison ~~~~~~~~~~~~~~~~~~~~~ http://www.urgusabic.net
Current thread:
- Re: The biggest thing affecting software security? People, apparently. Robert Hajime Lanning (Jun 30)
- <Possible follow-ups>
- Re: The biggest thing affecting software security? People, apparently. . . (Jun 30)
- Re: The biggest thing affecting software security? People, apparently. John Manko (Jun 30)
- RE: Re: The biggest thing affecting software security? People, apparently. Yousef Syed (Jul 03)
- Re: The biggest thing affecting software security? People, apparently. John Manko (Jun 30)
- Re: The biggest thing affecting software security? People, apparently. Steven M. Bellovin (Jul 03)