Practical Internet Security

An interesting article in Information Week about practical planning for security in the corporate environment. The man who invented one of the early versions of Norton anti-virus software laments that IT pros are wasting their energy… I love his analogy describing the failure to set realistic expectations for security:

The industry spends way too much time on vulnerability research, testing, and patching, considering that only 3% of the vulnerabilities discovered are exploited, he said. He compared it to automobile safety research: “If I sat up in a window of a building, I might find that I could shoot an arrow through the sunroof of a Ford and kill the driver. … If I disclose that vulnerability, shouldn’t the automaker put in some sort of arrow deflection device to patch the problem? … And because it’s potentially fatal to the driver, I rate it as ‘critical.’”

