Great article on the cutthroats in the security space. Toss out any altruism for "better security" - it is plain ol' "Smackdown" time! But wait, they are going to continue w/ the ridiculous "doing it for our own good" mantra... Check this out from the Wall Street Journal article (sorry, gotta pay at the site for the full article):
"Dan Ingevaldson, director of Internet Security Systems' X-Force research arm, denies competitive motives played a part in the release. Both companies make what are known as intrusion-prevention systems, fairly new technologies for stopping hacker attacks. "X-Force does not take our direction from marketing," he said. "We take our direction from hackers," who are showing new interest in exploiting flaws in security products, Mr. Ingevaldson said. "We're going to see if we can find the vulnerabilities before hackers do.""
"We take our direction from hackers" - So not only is he trying to beat the hackers to finding the flaws, but they know what they are in advance. I wonder if Dan understands the significance of this statement. By the way, without "direction" from hackers, I bet the statistical likelihood that they could find the same vulnerabilities that a hacker would before the hacker does is nearing zero. There are just too many vulnerabilities out there.
""There is no campaign to go after our competitors," said Chief Operating Officer Firas Raouf, adding: "Vulnerability research should not be exclusive to non-security products. It's just part of the overall [goal of] making networks more secure, and we should not be treating each other with velvet gloves.""
So, does finding vulnerabilities "make networks more secure" if nobody patches? Forget about what they should be doing for a second, because you have no control over it. You know, if history can provide insight into the future, we have to assume that even more vulnerabilities will be found, so right now everybody is sitting with systems that are vulnerable... and we have to learn to deal with that. So any single new vulnerability gets us no closer to being "more secure" (after all, we are dealing w/ uncertainty here); it only exposes a weakness that can be exploited. Put this way, it is sort of silly that we scramble to find and fix known vulnerabilities, isn't it? (But we have to do it).
12:20:21 AM