Wednesday, February 22, 2006

IT pros say they cannot stop every threat

I ran across this excellent article at "" today:,289142,sid14_gci1168007,00.html?track=NL-102&ad=543470

They say:

Security incidents can slip right past an IT shop amid a merger, tight staffing or when technology deployments outpace an enterprise's ability to keep up. In a recent survey, some IT professionals admitted this is exactly the scenario they're dealing with.

And this is precisely the scenario that the world of computer users is faced with constantly in the software they use. Companies are always in a rush to adapt new technologies with little or no thought toward Quality Assurance (which can and should include security vulnerability assessment).

In all, 28% of respondents said they have "little or no confidence" that they've detected all significant security breaches in the past year. Meanwhile, 26% rated their current IT environment as more vulnerable than it was the year before.

That doesn't surprise me either. Even on a small scale I've experienced lately a management imperative of "just get it out there" - without planning or scheduling any quality control or test. Being the evil QA guy I am, I've recently even poked my nose into things that were not in mo domain and pointed out to management that certain vulnerabilities were blantantly obvious. But I still wasn't asked to fully QA the thing, even after spending 10 minutes and pointing out dramatic flaws.

I've also spent a lot of time lately testing on the fringes of various open source projects, and it is frankly appaling how many bugs and potential security vulnerabilities are present.

One wonders what we are setting ourselves up for in this computer crazed society where corporations have such lack of discretion.



Post a Comment

<< Home