"The truth is, much of the problem is technological.
SQL injection attacks are an example. Currently, every application
programmer is expected to parse input for this. But many
application programmers hardly know what a database is, much less
how to protect against all the possible variations of SQL
injection. The ones who do know that are the database developers.
Therefore, the security community should be calling for all xDBC
libraries to include methods to validate input for applications.
"The F-Secure report cited botnets as one of the primary
security concerns. The root cause of botnets is spam Email. If this
were not such a lucrative business, it would not be such a problem.
One of the solutions is to force strong authentication in Email
protocols. And this is just one example. The security community
should support an organization that could act as consultants to
protocol committees to define strong security solutions for
Internet protocols. That organization could also focus on
convincing vendors and users to implement those solutions."