Federal Bureau of Insecurity?

In a press release earlier today the FBI is patting itself on the back regard the apprehension of 3 bot herders.

Yup, that’s right an entire press release devoted to that. I’m not sure if I should be happy that the FBI is now realizing that botnets are a threat, or saddened that it took this long for them to get onboard. Those of you in the corporate world may not know of REN-ISAC or the work that they do, but in my opinion this organization does more damage to botnets in a week than the FBI does in a year. Granted, I don’t know what super secret files the FBI is keeping on these bot herders, but perhaps that is part of the problem. Botnets and cybersecurity as a whole is a larger problem than the FBI can handle. For that matter, it’s larger than any single organization. Significant improvements in cybersecurity can’t be realized until we have more organizations, like REN-ISAC that cross organizational, state, and international boundaries and work together.

I just read a blog post by Jeff Jones at http://blogs.csoonline.com/days_of_risk_in_2006 that details the days of risk associated with a vulnerability and is categorized by software vendor. I have a problem with the huge differences in time – to – patch. Obviously some of these vendors (Microsoft & Apple) have developed some best practices in the area. Why can’t the other’s follow suit? In an organization that is home to a myriad of hardware and software platforms, the lack of routine patch schedules is a huge problem for me. Like the FBI and Sun Micro., we can continue to bury our heads in the sand and ignore cybersecurity, or we can build on the work of others like REN-ISAC, Microsoft, and Apple and try to DO something to make the web a better place.

…don’t you just feel all warm inside now…