Read more of this story at Slashdot.
Feeds
34730 items (30217 unread) in 5 feeds
OpenSource
(5766 unread)
-
SourceForge.net: Front page news
(802 unread)
-
Slashdot: IT (4964 unread)
Security
(11367 unread)
-
Digg / Security (11367 unread)
Linux
(13084 unread)
-
-
Slashdot: Linux (1660 unread)
Slashdot: IT
-
Michal Zalewski On Security's Broken Promises
Posted: May 21st, 2010, 9:20pm CEST by Soulskill
Tags: security
Lipton-Arena writes "In a thought-provoking guest editorial on ZDNet, Google security guru Michal Zalewski laments the IT security industry's broken promises and argues that little has been done over the years to improve the situation. From the article: 'We have in essence completely failed to come up with even the most rudimentary, usable frameworks for understanding and assessing the security of modern software; and spare for several brilliant treatises and limited-scale experiments, we do not even have any real-world success stories to share. The focus is almost exclusively on reactive, secondary security measures: vulnerability management, malware and attack detection, sandboxing, and so forth; and perhaps on selectively pointing out flaws in somebody else's code. The frustrating, jealously guarded secret is that when it comes to actually enabling others to develop secure systems, we deliver far less value than could be expected.'"