Monday, December 15, 2003

From the Current Issue of the CRYPTO-GRAM by Bruce Schneier:

The Doghouse:  Amit Yoran

Here's a question: if you don't think it's possible to improve the
security of computer code, what are you doing in the computer security
industry?

"Amit Yoran, the new head of the Department of Homeland Security's
national cybersecurity division, said the administration is assessing
the impact of various regulatory proposals. One of them calls for
companies to report, through the Securities and Exchange Commission,
their preparedness for attacks on their computer networks. Mr. Yoran,
formerly a vice president of Symantec Corp., said the department is
considering other measures, though it leans toward private-sector
approaches.

"'For example, should we hold software vendors accountable for the
security of their code or for flaws in their code?' Mr. Yoran asked in
an interview. 'In concept, that may make sense. But in practice, do
they have the capability, the tools to produce more Security?'"

The sheer idiocy of this quote amazes me.  Does he really think that
writing more Security is too hard for companies to manage?  Does he
really think that companies are doing absolutely the best they possibly
can?

I can handle blatant pandering to industry, but this is just too stupid
to ignore.

The article:
<http://online.wsj.com/article/0,,SB107040249488089600,00.html>
<http://news.com.com/2008-7355-5112350.html>

I like a man who calls it like it is :-)

Tags:: Security
12/15/2003 8:38 PM Eastern Standard Time