resource center
  See your link here
|
IDG News Service -
WASHINGTON -- Offshore software development is one factor behind the escalation of exploitable network vulnerabilities, according to testimony at a hearing on network security before a U.S. House subcommittee last week.
Software companies must add more controls to the development process for software produced outside the U.S., said Steve Solomon, CEO of Citadel Security Software Inc. in Dallas.
"Software development organizations should be required to have all overseas-developed software examined for malicious capabilities embedded in the code," Solomon told the House Government Reform Committee's Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census. "Industry and government must work together to develop some form of standard or review process to address this growing threat."
Solomon's comments were rebutted by representatives from Microsoft Corp. and Juniper Networks Inc.
"It really doesn't matter where software is developed," said Dubhe Bienhorn, vice president of Juniper Federal Systems. "It is a process that requires very tight controls and very intense scrutiny."
Cheap Solution
Solomon defended his comments by pointing out that software vendors see offshore development as "easy and cheap."
"Maybe my colleagues on this panel have [secure offshore] processes in place," he added. "A lot of companies don't."
Rep. Adam Putnam (R-Fla.)
Image Credit: Newscom.com
"We have a very active interest in making sure as many people as possible know about our mistakes and how to fix them," Culp said.
Asked by Putnam if he's satisfied with the patch and alert process Microsoft now has in place, Culp responded that he's never satisfied. "I'd like to send out a lot fewer of those alerts," he said.
Putnam started the hearing by taking both private companies and government agencies to task for not moving fast enough to address continuing cybersecurity concerns. "As a nation, we have taken very dramatic steps to increase our physical security, but protecting our information networks has not progressed at the same pace, either in the public or in the private sector," Putnam said. "I remain concerned that we are collectively not moving fast enough to protect the American people and the U.S. economy from the very real threats that exist today. ... The time for action is now."
False Sense of Security
Solomon also
IDG.net
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
