SJ Mercury/Reuters: Software industry blasted for security lapses

“A top U.S. cyber security expert blasted software developers on
Thursday for marketing flawed products that he said boosted the
Internet’s vulnerability to high-tech hacker attacks.”

” ‘There is little evidence of improvement in the security
features of most products,’ said Rich Pethia, director of a
federally funded computer emergency response operation at Carnegie
Mellon University in Pittsburgh. ‘Developers are not devoting
sufficient effort to apply lessons learned about the sources of
vulnerabilities.’ “

“He said his organization, which responded to more than
8,000 computer security incidents last year, up from 132 in its
first full year of operation 10 years earlier, had found the same
types of security defects in newer versions of products as in
earlier ones.”

Complete Story