Access "Schneier-Ranum Face-Off on the dangers of a software monoculture"
This article is part of the November 2010 issue of Meeting cloud computing compliance mandates
Point: Bruce Schneier In 2003, a group of security experts -- myself included -- published a paper saying that 1) software monocultures are dangerous and 2) Microsoft, being the largest creator of monocultures out there, is the most dangerous. Marcus Ranum responded with an essay that basically said we were full of it. Now, eight years later, Marcus and I thought it would be interesting to revisit the debate. The basic problem with a monoculture is that it's all vulnerable to the same attack. The Irish Potato Famine of 1845--9 is perhaps the most famous monoculture-related disaster. The Irish planted only one variety of potato, and the genetically identical potatoes succumbed to a rot caused by Phytophthora infestans. Compare that with the diversity of potatoes traditionally grown in South America, each one adapted to the particular soil and climate of its home, and you can see the security value in heterogeneity. Similar risks exist in networked computer systems. If everyone is using the same operating system or the same applications software or the same ... Access >>>
Premium Content for Free.
McAfee product strategy needs focus, analysts say
Slew of McAfee product initiatives pique interest of customers but industry analysts say the security giant needs to sharpen its focus.
Information security professionals on their pay, certifications
The economy is dragging down pay for information security professionals but not dampening their dedication.
- McAfee product strategy needs focus, analysts say
Due diligence processes for cloud computing compliance
Moving IT operations to the cloud requires careful due diligence to maintain compliance with HIPAA, GLBA and other regulations.
How to use an automated user provisioning system for access control
by Randall Gamby, Contributor
Re-architect your provisioning system into a first line of defense for access management.
- Due diligence processes for cloud computing compliance
Microsoft security proposal is noble, but no way
To cure the botnet plague, Microsoft wants to quarantine infected consumer PCs until they're remediated.
The Application Security Testing Gap
by C. Warren Axelrod
Application security reviews miss a critical vulnerability by not ensuring functional security.
Schneier-Ranum Face-Off on the dangers of a software monoculture
Security experts Bruce Schneier and Marcus Ranum debate the impact of a software monoculture on computer security.
- Microsoft security proposal is noble, but no way
More Premium Content Accessible For Free
Cloud and mobility in the enterprise has caused a heightened need for organizations to take a closer look at next generation authentication ...
Virtualization and cloud computing are part and parcel of enterprise networks today. Virtualization security, however, is still a bolt-on affair ...
Mobile device security is one of the biggest nightmares InfoSec pros face in the era of bring your own everything (BYOE). Simply banning employees ...