The Pipe Dream of No More Free Bugs
This article is part of the May 2009 issue of How automated compliance solutions can help you plan for your next audit
Information Security magazine, May issue

By MICHAEL S. MIMOSO, Editor

No More Free Bugs is the new security researcher credo. A few high-profile bug hunters have decided gratis is a goner and they're not giving away their work for nothin' no more. Vendors such as Apple, Oracle and Microsoft can find their own browser bugs and buffer overflows. These guys are taking their keyboards and fuzzers and are going home.

The reason for the change in attitude is apparently twofold: 1) Bugs are hard to find. What used to take a couple of hours of spare time to find now takes a weekend -- or a week, or a month; and 2) yesterday's young bug-finders are today's adults, complete with spouses, kids, mortgages and bills to pay. They're not going to be satisfied with a tip-of-the-cap mention in the Patch Tuesday bulletin any more. Gratis is a goner.

The revolution began at the CanSecWest conference in March in Vancouver where Charlie Miller won the Pwn2Own contest for the second consecutive year, ...
Changing times for identity management
Identity management technology is adapting to meet enterprise needs. Learn what products can improve security and ease compliance.
Do you need an IDS or IPS, or both?
by Joel Snyder, Contributor
Cut through the hype and learn the differences and benefits of intrusion detection and prevention systems.
Cybersecurity Act of 2009: Power grab, or necessary step?
The Cybersecurity Act of 2009, also known as S.773, would give the president unprecedented authority over federal and private networks. Experts debate whether it's a power grab, or a signal of the seriousness of threats to critical infrastructure.
Ease the compliance burden with automation
Manual compliance processes are error-prone and drain corporate IT resources. Automated tools make a difference if you apply them to a well-organized compliance program.
Service-focused security offers best value to organization
A service-oriented approach is the best way to demonstrate security's value and win support for security initiatives.
The Pipe Dream of No More Free Bugs
Security researchers have declared they want vendors to compensate them for their independent search for vulnerabilities.
Bruce Schneier and Marcus Ranum Face-Off: Should We Have an Expectation of Online Privacy?
by Marcus J. Ranum, Contributor
Security experts Bruce Schneier and Marcus Ranum debate whether users should have an expectation of online privacy.