Microsoft earns patching praise from IT execs
Users say some rivals lag behind on fixing flaws, disclosing security info
Computerworld - Microsoft Corp. may take the most heat on security vulnerabilities, but other software vendors need to catch up when it comes to dealing with flaws found in their products, according to users and analysts interviewed last week.
Many credited Microsoft for having made good progress in its efforts to develop a formal strategy for addressing vulnerabilities in the four years since Bill Gates, the company's chairman and chief software architect, announced its Trustworthy Computing initiative in January 2002. But the same isn't true for Oracle Corp. and other vendors that are lagging behind Microsoft when it comes to vulnerability discovery, remediation and disclosure processes, the users and analysts said.
"I think Microsoft has developed a strategy and a vision around security and vulnerabilities that they just didn't have a few years ago," said Lloyd Hession, chief security officer at BT Radianz, a New York-based provider of telecommunications services to financial firms. "It's hard to point to a single vendor who is doing a better job."
Policies for responding to the discovery of security flaws are taking on increased importance as database, application and networking software become more prominent targets of cyberthreats that previously were aimed at operating systems, particularly Windows.
For instance, more than one-third of the top 20 Internet security vulnerabilities listed by the SANS Institute as part of an annual report released in November involved flaws found in application, security and data backup software.
Earlier this week, Oracle released a quarterly roundup of software patches designed to fix 82 vulnerabilities ¿ many of them rated "critical" by the company (see "Oracle releases patches for 82 flaws"). Cisco Systems Inc. also issued patches this week for several flaws affecting its routers and Call Manager software (see "Cisco patches a number of products"). And EMC Corp. released patches for its NetWorker backup software to fix security problems that could lead to a system crash or unauthorized remote access (see "Backup software sees exploit, patches").
Such disclosures highlight the fact that Microsoft isn't the only vendor with security problems, although it often gets the most criticism, said Steven Gelfound, IT director of the National Center for Missing & Exploited Children in Alexandria, Va.
"They're just in a situation where everyone is gunning for them," Gelfound said. "[But] it's not that any one operating system or application is more secure than the other. Given enough time and computing resources, you can crack just about anything out there."
In fact, based on information provided by each of the vendors, Microsoft disclosed a total of 12 vulnerabilities over the past three months,
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Accelerating Network Convergence in Virtualized and Cloud Data Centers Adopting a converged networking strategy enables organizations to traffic server and storage I/O workloads on consolidated data throughput channels. Intelligent software helps optimize...
- Omnichannel: From Buzzword to Strategy Customers demand a seamless experience across channels, especially mobile. Read this whitepaper for a research-based framework for using omnichannel for higher customer engagement.
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Malware and Vulnerabilities White Papers | Webcasts