Computerworld
Quick Menu
Search



Ads by TechWords

See your link here


Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Virus and Vulnerability Roundup
Finance
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Microsoft earns patching praise from IT execs

Users say some rivals lag behind on fixing flaws, disclosing security info
 

Sign up to receive Spam, Malware and Vulnerabilities Resource Alerts

January 20, 2006 (Computerworld) -- Microsoft Corp. may take the most heat on security vulnerabilities, but other software vendors need to catch up when it comes to dealing with flaws found in their products, according to users and analysts interviewed last week.
Many credited Microsoft for having made good progress in its efforts to develop a formal strategy for addressing vulnerabilities in the four years since Bill Gates, the company's chairman and chief software architect, announced its Trustworthy Computing initiative in January 2002. But the same isn't true for Oracle Corp. and other vendors that are lagging behind Microsoft when it comes to vulnerability discovery, remediation and disclosure processes, the users and analysts said.
"I think Microsoft has developed a strategy and a vision around security and vulnerabilities that they just didn't have a few years ago," said Lloyd Hession, chief security officer at BT Radianz, a New York-based provider of telecommunications services to financial firms. "It's hard to point to a single vendor who is doing a better job."
Policies for responding to the discovery of security flaws are taking on increased importance as database, application and networking software become more prominent targets of cyberthreats that previously were aimed at operating systems, particularly Windows.
For instance, more than one-third of the top 20 Internet security vulnerabilities listed by the SANS Institute as part of an annual report released in November involved flaws found in application, security and data backup software.
Earlier this week, Oracle released a quarterly roundup of software patches designed to fix 82 vulnerabilities ¿ many of them rated "critical" by the company (see "Oracle releases patches for 82 flaws"). Cisco Systems Inc. also issued patches this week for several flaws affecting its routers and Call Manager software (see "Cisco patches a number of products"). And EMC Corp. released patches for its NetWorker backup software to fix security problems that could lead to a system crash or unauthorized remote access (see "Backup software sees exploit, patches").

Such disclosures highlight the fact that Microsoft isn't the only vendor with security problems, although it often gets the most criticism, said Steven Gelfound, IT director of the National Center for Missing & Exploited Children in Alexandria, Va.
"They're just in a situation where everyone is gunning for them," Gelfound said. "[But] it's not that any one operating system or application is more secure than the other. Given enough time and computing resources, you can crack just about anything out there."
In fact, based on information provided by each of the vendors, Microsoft disclosed a total of 12 vulnerabilities over the past three months, compared with 167 for Oracle, 18 for Cisco and eight for Sun

Continued...
1 | 2 | 3 | 4 | NEXT  



Print this Story Send Us Feedback E-mail this Story Digg! Digg this Story Slashdot this Story
"An approaching hurricane fortuitously recalls the famous statement on planning from Eisenhower. We should heed his words...." Read more...
Read more Security posts or See all Blogs
At 10, Google reiterates commitment to CIOs
Microsoft explains Seinfeld-Windows TV ad: just a 'teaser'
Continuing coverage: Google's Chrome browser
More top stories...
iPhone 3G owner sues Apple, AT&T over dropped calls, app crashes
Mozilla: Firefox is faster than Chrome
Upcoming Microsoft patch lineup could be 'massive,' says researcher
Users of Windows XP SP3 who try out IE8 Beta 2 won't be able to uninstall either one under certain circumstances.
Google has gone from innovative upstart to fat-and-happy industry leader in what seems like record time. Preston Gralla explains.
Microsoft's latest beta of IE8 includes better tab management, new services such as Web Slices and Accelerators, and the new 'porn mode.'
These leading-edge graduate schools are moving at the pace of the IT workplace, delivering coursework that's relevant to today's IT professionals.
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
Four years from now, the IT field will be a vastly different place. Will you be ready?
All Zones
Application Performance Zone
Business Continuity Zone
The File Data Management Zone
Security Management Zone
ITIL Best Practices Zone
The SAS Zone
Business Intelligence and Analytics Zone
Windows Protection Zone
Identity & Security Management Zone

Ads by TechWords

See your link here
From Laggard to Leader: Transforming the Data Center
From Laggard to Leader: Transforming the Data Center
Register for this complimentary live webcast today!
Go to the webcast 
Managing Mobile Data with Endpoint Security for Laptops
Download this white paper now, compliments of Computerworld and Absolute Software.
(Source: Absolute Software) A NetworkWorld survey of IT professionals found that only 1 in 100 employees consistently follow data security policy. This paper outlines endpoint security for laptops that restricts data access beyond encryption to safeguard against insider threats and user error.Read this whitepaper to learn lessons from recent data breaches, limitations of traditional data security, and how to remotely wipe out data and monitor computers that go off the network.
Download this executive briefing download
Top 10 Reasons to Upgrade
Get this white paper now!
(Source: Symantec) Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Download this white paper go
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Death to PST: Hidden Cost of Email Mismanagement
Extend, Replace, or Convert; which is the best way forward for COBOL Applications?
The Trend from Unix to Linux in SAP Data Centers
View more whitepapers