PRO+ Premium Content/Information Security magazine

September 2008

Viewpoint: Vulnerability researchers doing more than 'search'

Bug Finding: Ethical and Necessary

Regarding Bruce Schneier and Marcus Ranum's "Is Vulnerability Research Ethical?" (Face-Off, May 2008), the question may as well be: "Is it Ethical to Force Automobile Companies to Crash Test Their Cars?" Would Microsoft ever have gotten a clue about reducing programming mistakes without the constant stream of security revelations about its software? Have any other vendors been significantly better than Microsoft on mistake reduction? It's a shame Ranum didn't bother to speak to the question, but rather chose to trot out examples of poorly done software development. It's interesting how similar Ranum's list of "counterexamples" is to vulnerability research: "This should be fixed, that should be fixed, and that new thing on the Web shouldn't be going on at all." It's also interesting that Ranum sheds some light on the design side of the problem. We commonly look on our security problems with software as mistakes made in implementation. Sometimes though, the sources of these problems go all the ...


Features in this issue

  • Product Review: Workshare Protect Premium 6.0

    Workshare Protect Premium 6.0 seeks to eliminate the malicious or accidental leakage of sensitive corporate data.

  • Security Services: Symantec Online Fraud Protection

    Symantec's Online Fraud Protection service includes an initial on-site assessment, phishing and transaction monitoring, incident response, monitoring of malware targeting the company's brand and analysis of new malware behavior.

  • Product Review: AirDefense Enterprise 7.3

    AirDefense Enterprise 7.3, a wireless intrusion detection and intrusion prevention tool, adds support for Power over Ethernet (PoE) for its sensors, a new user interface and overhauled reporting, along with WEP cloaking, advanced forensics, spectrum analysis and a centralized console to manage appliances.

Columns in this issue