Computerworld
Home News Blogs In Depth ReviewsWhite Papers Newsletters IT Jobs

resource center


Ads by TechWords

See your link here

Newsletter Sign-Up

Receive the latest technology news and information.
Application/Web Development
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Offshore Threat Debated at Hearing on Network Security

Vendors put on defensive before House

By Grant Gross
June 7, 2004 12:00 PM ET
Recommended
(5)
Digg
Share/Email

IDG News Service - WASHINGTON -- Offshore software development is one factor behind the escalation of exploitable network vulnerabilities, according to testimony at a hearing on network security before a U.S. House subcommittee last week.
Software companies must add more controls to the development process for software produced outside the U.S., said Steve Solomon, CEO of Citadel Security Software Inc. in Dallas.
"Software development organizations should be required to have all overseas-developed software examined for malicious capabilities embedded in the code," Solomon told the House Government Reform Committee's Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census. "Industry and government must work together to develop some form of standard or review process to address this growing threat."
Solomon's comments were rebutted by representatives from Microsoft Corp. and Juniper Networks Inc.
"It really doesn't matter where software is developed," said Dubhe Bienhorn, vice president of Juniper Federal Systems. "It is a process that requires very tight controls and very intense scrutiny."
Cheap Solution
Solomon defended his comments by pointing out that software vendors see offshore development as "easy and cheap."
"Maybe my colleagues on this panel have [secure offshore] processes in place," he added. "A lot of companies don't."

Rep. Adam Putnam (R-Fla.)
Rep. Adam Putnam (R-Fla.)
Image Credit: Newscom.com
Subcommittee chairman Rep. Adam Putnam (R-Fla.) focused some of his questions on the process of patching software after vulnerabilities are discovered. When Putnam asked whether the patching process and the alert process that accompanies it are working well, Scott Culp, senior security strategist at Microsoft, said he believes that software vendors are working hard to notify customers.
"We have a very active interest in making sure as many people as possible know about our mistakes and how to fix them," Culp said.


Asked by Putnam if he's satisfied with the patch and alert process Microsoft now has in place, Culp responded that he's never satisfied. "I'd like to send out a lot fewer of those alerts," he said.
Putnam started the hearing by taking both private companies and government agencies to task for not moving fast enough to address continuing cybersecurity concerns. "As a nation, we have taken very dramatic steps to increase our physical security, but protecting our information networks has not progressed at the same pace, either in the public or in the private sector," Putnam said. "I remain concerned that we are collectively not moving fast enough to protect the American people and the U.S. economy from the very real threats that exist today. ... The time for action is now."
False Sense of Security
Solomon also
Recommend Digg Twitter ShareThis
Email Print Send Feedback Reprints

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Jump to comments

Security

Additional Resources

Microsoft
DirectAccess and UAG: Better Together
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
Microsoft
Case Study: Energy Firm Tightens Protection, Simplifies IT Work
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
NEXT-GENERATION MOBILITY PLATFORMS
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

Managed File Transfer for SOA using IBM WebSphere MQ File Transfer Edition
Download Now  

Three IT Strategies to Cut Cost Intelligently
Register for this Webcast! Provided by BMC Software.

Four Promising Alternatives to the Lead Acid Battery
Download this whitepaper now!  

Data in Action: Making the Planet Smarter
Register Now

Five Steps to Successful IT Consolidation
Has your Enterprise made the strategic decision to consolidate remote site IT infrastructure into central data centers?  

Hosted Security Services: Why it make budget and security sense in today's economy
Watch Now

The True ROI behind WAN Optimization
Looking for solid data behind the cost-savings story of WAN optimization?  

The Workday User Experience Video
Watch Workday's Creative Director, Scott Lietzke, discuss the business-centered design philosophy at Workday.

Forrester Consulting - Optimizing Users and Applications in a Mobile World
Learn how to successfully deploy a WAN optimization solution that is specifically tuned for a mobile environment!  

Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!

All White Papers | All Webcasts

Computerworld Reports

Sold on SOA

Computerworld Technology Briefing: More than Business Value

Computerworld Briefing: Staffing for Intelligence

All Computerworld Reports

IT Jobs

 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2010 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.