Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Securing the 'Net -- at what price?

Taylor Armerding | July 3, 2015
There is unanimous agreement that 100 percent security is not possible. But at least one expert says it could come close to that, for US$4 billion. Others say it could cost less, but would require a lot more than money.

His fellow experts agree that would help, but note that the problem is complicated, and made more so by enemies that, to continue his analogy, would be constantly coming up with new ways to knock down improved buildings.

Stanislav said it is not the Internet itself that is always the problem. "In many cases, it's the systems connected to it. Sure, there could be better Internet data security, like updated protocols and more inherent encryption, but ultimately most breaches are not occurring because of an ISP or even a networking vendor, but due to weak passwords or buggy piece of code."

Di Bello noted, as others have, that technology cannot always trump the human factor. "Phishing is a great example of an attack vector that would be undisturbed by a change in application security," he said. "However if a newly architected communication protocol could validate the source of an email, phishing could be cut down significantly."

And Pirc, while he said he is, "a huge proponent of secure coding, I don't think that is going to fix the issues."

While it might temporarily slow attackers down, "they will soon learn other ways to exploit the software. With standards and frameworks, until people stop treating them like checkboxes, they will be ineffective," he said.

The reality, Stanislav said, is that, "the ecosystem is always changing and frameworks/standards alone cannot prevent bugs inherent to an accidental coding mistake by a software engineer writing a compiler or updating an interpreter.

"One typo in a million lines of code can be the difference between a breach and data security."

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.