Industry View

Who Pushed Vendors Toward Better Security?

Hint: It had something to do with pressure from customers and government agencies, writes Oracle Corp. CSO Mary Ann Davidson

By Mary Ann Davidson, CSO at Oracle Corp.

Page 4

It may take three to five years for a secure configuration change to ripple through the entire product stack that must consume it. Allowing vendors to make progress at significant (major release) milestones is preferable to asking them to meet an arbitrary deadline that may force them to install products in a way that breaks everything that depends on current settings.

Even with some of the timing, scope and governance challenges of secure configuration programs, it is nonetheless a crucial means to change the market expectation for software vendors from "it's the customer's problem to configure this product securely" to "my product installs more securely than my competitor's product." Increasing the default security posture of software makes too much sense not to do it.

There is broad awareness among customers and software vendors that software security must improve. Lowering lifecycle costs to customers through secure configurations and providing them with the tools to know how much security they are getting is a critical trend that will enable the market for better software security to flourish.

Oracle Corp. Mary Ann Davidson

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Security Directions: A Virtual Conference

Security Directions Available On Demand Sept. 30 - Dec. 30

Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.

» Register Now

WEBCAST
Protecting PII: How to Work with IT to Manage Risk

Compuware Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.

» View this Webcast

Featured Sponsors