Every so often I read something so ‘out there’ I have to share it with you. Today I read a post on IT-Director.com by Nigel Stanley, practice leader for IT Security at Bloor Research. To quote:
Application security, and the notion that poorly implemented code can create a security flaw in a piece of software, is a fairly recent innovation to many conventional IT security experts. Traditionally these experts have been focused on securing networks and ensuring that hackers and malcontents can’t penetrate their ever extending perimeters. Software programming has been an alien science to be avoided at all cost, and code security an impenetrable subject.
Well, I’m seriously confused. Back in the mid 90’s (over a decade ago), as a ‘network focused security expert’ I was adding application-oriented security features into the Cisco PIX firewall (may it rest in peace). I haven’t talked with any security expert in the last decade who doesn’t know that application-level attacks are the thing to worry about from a security perspective. Check out what F5 Networks are doing in the space, or Juniper Networks, or Cisco… Nigel goes on to say:
IT security experts can no longer ignore this crucial security field, and must work with their software development colleagues to help fix code related security problems.
That’s pretty much what has been going off for the last ten years, with Microsoft and others working with customers and security experts, fundamentally re-architecting the way that they write and test code. Thankfully Nigel’s report is, apparently, free of charge: Bloor answers.
