Clarke Lambastes Software Industry
The government's top information security official sharply criticized the software industry, ISPs and the government itself for a lack of commitment to security. Saying that the current climate demands more and better security, Richard Clarke, chairman of the President's Critical Infrastructure Protection Board (PCIPB), said it was time for a change.
"The software industry has an obligation to do a better job producing software that works," Clarke said in his opening keynote speech at the Blackhat Briefings security conference here Wednesday. "It's no longer acceptable that the number of vulnerabilities identified goes up every year."
He cited Microsoft's Trustworthy Computing effort as a step in the right direction, but said that vendors as a rule need to write better quality code.
"We also need an improvement in the quality of software engineering. It's clear that what we're doing now isn't working," Clarke said. "I welcome Bill Gates' pledge, and I will hold him to it. I think we should ask other vendors to do the same thing."
Clarke's comments were part of a preview of PCIPB's forthcoming national cybersecurity strategy, which it will unveil Sept. 18 in Silicon Valley. The document will address security problems in several key market segments, including banking and finance, chemical manufacturing, IT and education. Clarke singled out several industries as bearing the lion's share of responsibility for the current security problems facing the country.
He was particularly critical of vendors who sell wireless LAN gear and ISPs. Citing the Department of Defense's recent decision to turn off all WLANs in its facilities, Clarke said other organizations should do likewise until there are better methods for securing these networks.
Clarke lambasted ISPs for failing to alert consumers to the dangers inherent in having an always-on broadband connection.
"Every ISP that offers broadband ought to be offering a firewall," he said. "If you ask ISPs off-the-record why they don't, they'll tell you it's too expensive and they want broadband to be cheap. So they want to make it cheap for people to be hacked."
http://www.eweek.com/article2/0,3959,428553,00.asp