Opinion
The Vulnerability Disclosure Game: Are We More Secure?
Marcus Ranum looks at whether the disclosure process has done any good
By Marcus Ranum
on CNN one more time. I have news for you: Most of the computer users on the planet wish you’d find some other use for your talents—something that actually does help.
Computer security needs to grow the hell up, and needs to do it pretty quickly. It seems that virtually every aspect of life is becoming increasingly computerized and exposed to online attack. The problem is getting more significant the longer we wait to deal with it, but the early history of computer security has been a massive disappointment to all of us: huge amounts of money spent with relatively little improvement to show for it. One of the reasons is that a huge amount of that effort has been wasted, barking up the wrong tree. Unfortunately, if you look at the last 10 years of security, it’s a litany of "one step forward, one step back," thanks in part to the vulnerability pimps, parasites and snake-oil salesmen who flocked into the industry when they smelled money and a chance to get some attention. At this point, they’re so deeply entrenched and vested that they’re here to stay, unless the industry as a whole turns away from rewarding bad behavior. If you’re a customer or end user, you can see how well disclosure worked to improve your security over the last decade. Let me be frank: It’s up to you.
Marcus Ranum, CSO of Tenable Network Security, is internationally recognized as one of computer security’s visionary thinkers. Since his early involvement with security in the late 1980s he has been involved in every stage of the security industry, from coding the first commercial firewall (DEC SEAL) to acting as founder and CEO of one of the early IDS innovators (NFR). He lives in the middle of nowhere in Pennsylvania.



