Computerworld
Home News Blogs ReviewsWhite Papers Newsletters IT Careers

resource center


Ads by TechWords

See your link here

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Application/Web Development
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
 

Print edition

Offshore Threat Debated at Hearing on Network Security

Vendors put on defensive before House

By Grant Gross
June 7, 2004 12:00 PM ET
Recommended
(0)
Digg
Share/Email

IDG News Service - WASHINGTON -- Offshore software development is one factor behind the escalation of exploitable network vulnerabilities, according to testimony at a hearing on network security before a U.S. House subcommittee last week.
Software companies must add more controls to the development process for software produced outside the U.S., said Steve Solomon, CEO of Citadel Security Software Inc. in Dallas.
"Software development organizations should be required to have all overseas-developed software examined for malicious capabilities embedded in the code," Solomon told the House Government Reform Committee's Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census. "Industry and government must work together to develop some form of standard or review process to address this growing threat."
Solomon's comments were rebutted by representatives from Microsoft Corp. and Juniper Networks Inc.
"It really doesn't matter where software is developed," said Dubhe Bienhorn, vice president of Juniper Federal Systems. "It is a process that requires very tight controls and very intense scrutiny."
Cheap Solution
Solomon defended his comments by pointing out that software vendors see offshore development as "easy and cheap."
"Maybe my colleagues on this panel have [secure offshore] processes in place," he added. "A lot of companies don't."

Rep. Adam Putnam (R-Fla.)
Rep. Adam Putnam (R-Fla.)
Image Credit: Newscom.com
Subcommittee chairman Rep. Adam Putnam (R-Fla.) focused some of his questions on the process of patching software after vulnerabilities are discovered. When Putnam asked whether the patching process and the alert process that accompanies it are working well, Scott Culp, senior security strategist at Microsoft, said he believes that software vendors are working hard to notify customers.
"We have a very active interest in making sure as many people as possible know about our mistakes and how to fix them," Culp said.


Asked by Putnam if he's satisfied with the patch and alert process Microsoft now has in place, Culp responded that he's never satisfied. "I'd like to send out a lot fewer of those alerts," he said.
Putnam started the hearing by taking both private companies and government agencies to task for not moving fast enough to address continuing cybersecurity concerns. "As a nation, we have taken very dramatic steps to increase our physical security, but protecting our information networks has not progressed at the same pace, either in the public or in the private sector," Putnam said. "I remain concerned that we are collectively not moving fast enough to protect the American people and the U.S. economy from the very real threats that exist today. ... The time for action is now."
False Sense of Security
Solomon also suggested

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Recommend Digg Twitter ShareThis
Email Print Send Feedback Reprints

Additional Resources

POLL RESULTS
Leading IT Pros Weigh In on Top IT Issues
Accelerate your knowledge of the IT world you inhabit by viewing the results of a series of polls taken by your IT peers. These polls of 100+ IT professionals each are available for full viewing. They cover key topics such as virtualization, processor performance, green IT, cloud computing and many others. Be a part of the buzz.
WHITE PAPER
For Best Results, Think Beyond the Box
Technology is complex. Keeping it running productively shouldn't be. To that end, you want to minimize the number of solutions needed in-house to simplify operations, maintenance, and support. Kodak offers a best-practices model. One company provides support for both scanner and software, for fast problem resolution without vendor finger-pointing. Download now!
WHITE PAPER
Accelerating the Path to Demand Intelligence with a Demand Signal Repository
Utilizing demand intelligence improves the precision of pricing, product assortments, channel/store placement, and promotion, which are all essential for sustainable revenue management performance. Learn more, download this free whitepaper today.

White Papers & Webcasts

Five Steps to Successful IT Consolidation
Has your Enterprise made the strategic decision to consolidate remote site IT infrastructure into central data centers? Then you have probably discovered that...  

Three IT Strategies to Cut Cost Intelligently
Forrester and BMC Share Tips on Consolidating, Automating, and Cutting Cost. Don't make hasty cost reductions. When the economy recovers, ensure your IT...

Microsoft SharePoint Performance Brief
This is a Performance Brief that illustrates how Riverbed Steelhead appliances accelerate MS SharePoint Services over the WAN. 2 pp....  

Usability Is Everything
Learn what sets Workday's HR and Payroll solutions apart from the competition....

IBM Lotus Notes Performance Brief
This is a Performance Brief that illustrates how Riverbed Steelhead appliances accelerate Lotus Notes R7....  

The Value of Real SaaS at Workday
Cost savings, speed to value, and innovation brought to the enterprise by Workday's software-as-a-service solutions for HR and Payroll....

The True ROI behind WAN Optimization
Looking for solid data behind the cost-savings story of WAN optimization? In this paper, NetForecast analysts interviewed customers who have deployed this solution,...  

SaaS at Flextronics, Inc.
Dave Smoley, CIO of Flextronics, discusses the real value of software-as-a-service and why he chose Workday for his HR solution....

Forrester Consulting - Optimizing Users and Applications in a Mobile World
Are your workers going increasingly mobile? Don't wait for their calls to slam Support when they experience poor application performance on the road....  

Why Compliance Pays
This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data...

All White Papers | All Webcasts

Computerworld Reports

Sold on SOA

An Interactive eBook: Enterprise Security

The Business Case for Server Virtualization

All Computerworld Reports
 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.