Punishment vs. Prevention

[ Thanks to JJS for this link. ]

"The truth is, much of the problem is technological. SQL injection attacks are an example. Currently, every application programmer is expected to parse input for this. But many application programmers hardly know what a database is, much less how to protect against all the possible variations of SQL injection. The ones who do know that are the database developers. Therefore, the security community should be calling for all xDBC libraries to include methods to validate input for applications.

"The F-Secure report cited botnets as one of the primary security concerns. The root cause of botnets is spam Email. If this were not such a lucrative business, it would not be such a problem. One of the solutions is to force strong authentication in Email protocols. And this is just one example. The security community should support an organization that could act as consultants to protocol committees to define strong security solutions for Internet protocols. That organization could also focus on convincing vendors and users to implement those solutions."

Complete Story

Related Stories:

• Why Does Microsoft Always Get A Free Pass? Why Does Big Business Reek So Badly?(Dec 04, 2008)
• Public Key Crypto for Enterprise Users(Dec 04, 2008)
• Technology, Innovation and the Challenge of the Missing Standards(Dec 03, 2008)
• Growth in Internet Crime Calls for Growth in Punishment(Dec 03, 2008)
• 40 Open Source Tools for Protecting Your Privacy(Dec 03, 2008)
• 10 Mistakes New Linux Administrators Make(Dec 01, 2008)