LinuxWorld: Welcome to the Linux World Podcast. Hi, I’m Don Marti, and I’m here with Bruce Schneier from Counterpane Internet Security. Welcome, Bruce.
Bruce Schneier: Thanks for having me.
LinuxWorld: Why don’t companies buy more secure software, or at least why don’t they buy less insecure software?
Schneier: You know, those of us in the security industry have been wringing our hands over that question for years, for decades. Why don’t they do it? There are a couple of reasons. The first is -- it’s sometimes hard to tell what a secure product is. I can hold up two products; they use the same buzzwords. They have the same protocol standards. What is secure, and what isn’t? And you don’t know. And these might be security products. These might be networking products or office products. It’s very hard to tell what a secure product is and what an insecure product is. That’s reason one.
The second reason, companies actually don’t want to be secure, that’s wrong. They want to be secure, but it’s more important to be able to do things. So, installing a firewall, which would make you a lot more secure, a company is going to configure it pretty much open because it allows them to do peer-to-peer file sharing or use this application or do that or check their mail from afar -- all those things they want to do that go against security. So, when security goes against functionality, it often loses, especially at the high level. You can tell a lowly employee to be secure, but you’re not going to tell the CEO. That’s the second reason.
The third reason is that a lot of the insecurities we see don’t affect the company at the boardroom level. A worm and a virus attack, which might make all the tech staff scramble and work without sleep for 15 hours, the CEO doesn’t see. He doesn’t care. As far as he’s concerned that worked out great. Why bother spending? So, you have a whole lot of factors in play. It’s not that companies don’t want to be secure; it’s that they either don’t care or don’t know how or don’t understand they’re not.
Why don't companies buy more secure software? By Anonymous on February 15, 2007, 2:19 pm
Bruce is a good thinker in the IT security area, I agree. But isn't he overvalued often, also by himself?

Why don't companies buy more secure software? By Tony McNamara on February 17, 2007, 9:58 pm
Answer: The people who make the buying decisions don't fear any sanctions if private data gets leaked; what they fear is the opposition getting ahead of them in...