This weblog is licensed under a Creative Commons License.
Weblog



April 7, 2004
MIT's take on Internet Security and Software Liability

Jeff Schiller, network manager at MIT, discusses security on college campuses, and offers his beliefs on why things are done the way they are with commercial software.

Being in the software development business ourselves, I think that it's very important to reflect on some of these issues we deal with every day. We're constantly asked about the security of our software, and frankly, we've put every effort we can into making the end software secure and stable. Unfortunately, this is not the case with a lot of software makers on the market. Software is a tough business and one that's ever-evolving. There are greater minds than mine on this subject, for sure, but it's up to the software companies, both small and large, to reset the expectations that the public has on how usable, secure, stable, and fun (yes, fun) we can make our products. People's lives are surrounded by software, and it's critical that we realize that fact and develop our wares in such a way that we improve the user's experience with our tools and improve their quality of work-life through the value that our software adds.


...Some interesting dialog from the interview...
S: Do you mean the end-user software?
JS: Yes. I mean basically every computer connected to the Internet. Put another way, you should not depend on the network to provide protection for your computer.

S: What about the firewalls and network security software?
JS: The firewall was never an integral part of the Internet architecture. Firewalls developed because end-host software wasn’t secure. A lot of software, particularly on PCs, was designed in the days before networks. It was designed to run on personal computer hardware that was not very sophisticated when the PC first appeared. So, putting protections into end user software is difficult. Then add to that various marketing pressures…for years security was simply not a priority. When you went to vendors, Microsoft and others, and said, “You should be putting some time and effort into making sure the software is not buggy as all-get-out,” the answer was, “Well, we promised we’d ship by Friday, and you know, this is Internet time. We’ve got to get this stuff out there—nobody cares about security anyway.”

And so, with that kind of history, firewalls got developed because quite frankly, the network managers were told to “do something,” and that’s the kind of thing you can do. But don’t mistake that to mean that the only way to have a secure network is to have a network that is restricted or closed.

[via Syllabus]
