resource center
  See your link here
|
IDG News Service -
WASHINGTON -- Offshore software development is one factor behind the escalation of exploitable network vulnerabilities, according to testimony at a hearing on network security before a U.S. House subcommittee last week.
Software companies must add more controls to the development process for software produced outside the U.S., said Steve Solomon, CEO of Citadel Security Software Inc. in Dallas.
"Software development organizations should be required to have all overseas-developed software examined for malicious capabilities embedded in the code," Solomon told the House Government Reform Committee's Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census. "Industry and government must work together to develop some form of standard or review process to address this growing threat."
Solomon's comments were rebutted by representatives from Microsoft Corp. and Juniper Networks Inc.
"It really doesn't matter where software is developed," said Dubhe Bienhorn, vice president of Juniper Federal Systems. "It is a process that requires very tight controls and very intense scrutiny."
Cheap Solution
Solomon defended his comments by pointing out that software vendors see offshore development as "easy and cheap."
"Maybe my colleagues on this panel have [secure offshore] processes in place," he added. "A lot of companies don't."
Rep. Adam Putnam (R-Fla.)
Image Credit: Newscom.com
"We have a very active interest in making sure as many people as possible know about our mistakes and how to fix them," Culp said.
Asked by Putnam if he's satisfied with the patch and alert process Microsoft now has in place, Culp responded that he's never satisfied. "I'd like to send out a lot fewer of those alerts," he said.
Putnam started the hearing by taking both private companies and government agencies to task for not moving fast enough to address continuing cybersecurity concerns. "As a nation, we have taken very dramatic steps to increase our physical security, but protecting our information networks has not progressed at the same pace, either in the public or in the private sector," Putnam said. "I remain concerned that we are collectively not moving fast enough to protect the American people and the U.S. economy from the very real threats that exist today. ... The time for action is now."
False Sense of Security
Solomon also
IDG.net
Forrester Consulting - Optimizing Users and Applications in a Mobile World
Learn how to successfully deploy a WAN optimization solution that is specifically tuned for a mobile environment!
Three IT Strategies to Cut Cost Intelligently
Register for this Webcast! Provided by BMC Software.
Advancing the Economics of Networking
For more information download it today!
Effectively Implementing Datacenter Automation
Effectively select and deploy the best datacenter automation solution today!
Is your data center running out of power or cooling?
Download this whitepaper now!
Aligning IT to Business: The Rising Importance of Application Delivery Networks
Application Delivery Networking (ADN) will play a vital role in helping enterprises incorporate strategic technologies to achieve business initiatives.
Five Steps to Successful IT Consolidation
Has your Enterprise made the strategic decision to consolidate remote site IT infrastructure into central data centers?
Sign up to receive updates on the latest Development resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
