ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Infosecurity Europe 2008

Vendors urged to take responsibility for security

Colin Barker ZDNet.co.uk

Published: 23 Apr 2008 12:18 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

While companies may go to great lengths to ensure their IT environments are secure, technology vendors need to do more to make sure their hardware and software is up to scratch, according to security experts.

At a panel debate at Infosecurity Europe 2008 on Tuesday, security experts lined up to put some of the blame for hackers finding ways to exploit code on software makers. "Applications have become the new target for attacks," said Alan Paller of the SANS Institute, and referred to one Oracle user he claimed had suffered 80,000 attacks on its systems.

Rhonda MacClean, chief information security officer for Barclays, explained in detail how her company routinely tests the security of most of the software it buys in from suppliers.

ZDNet.co.uk blogs

Microsoft's pre-modern message puts a new face on Vista

Over at ZDNet.com, Ed Bott reports a first sighting of Microsoft's eagerly awaited $300m ad campaign...

Read blog +

"Using someone else's software does not abdicate you from responsibility for the security of the code," MacClean said, and added that the constant updates and service packs made life especially difficult for in-house IT people. "Just when you got used to the code, a new version comes along."

But despite the shortcomings of some software makers' code, IT departments are ulitmately responsible for the code they use within their organisations.

"We want code that as far as security is concerned is A+," MacClean said. "But when we tested code [at Barclays] we found a lot of it was C-."

According to MacClean, the problem is relatively easy to improve. "We talk to [the suppliers] about the problem and we have got much better code as a result," she said.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell
Infosecurity Europe 2008

Did you find this article useful?
4 out of 4 people found this useful


Talkback

Post a comment


Full Talkback thread

1 comment

  1. Vendors urged to take responsibility for security ator1940

Related Links

More in this Special Report

Blog: Social networking and portability

Blog: Social networking and portability

One of the more interesting speakers at Infosec's "Locking Down Social Networking Vulnerabilities" event today was Giles Hogben of the European Network and Information Security Agency (ENISA) more

ICO: Data-protection spot checks due this year

ICO: Data-protection spot checks due this year

The information commissioner has confirmed that his office will be getting new powers to carry out spot checks on any company in the UK holding data on individuals more

Infosecurity Europe 2008: Preview

Infosecurity Europe 2008: Preview

Over 11,000 delegates and 320 exhibitors will attend one of Europe's largest IT security shows on Tuesday at London's Olympia conference centre more

Security breaches down, says IT security report

Security breaches down, says IT security report

The latest Information Security Breaches Survey has reported that while the number of security breaches has fallen in the past two years, the average spend on defences has increased more

Facebook admits to increased attacks by spammers

Facebook admits to increased attacks by spammers

The social-networking site has come under increased attack by spammers and phishers this year, according to its head of security more

Security industry gears up for biggest UK event

Security industry gears up for biggest UK event

Infosecurity Europe 2008 is underway in London and will include keynotes and product demos from the some of the leading organisations in IT security more

Vendors urged to take responsibility for security

Vendors urged to take responsibility for security

When it comes to the security of hardware and software, suppliers should be put on the spot, argue experts at Infosecurity Europe 2008 more

Media lobbying 'watered down' data-misuse laws

Media lobbying 'watered down' data-misuse laws

As a result of media lobbying, the information commissioner says another serious data breach will need to occur before prison sentences for data misuse are imposed more

HMRC data loss blamed on targets

HMRC data loss blamed on targets

Merlin, Lord Erroll, believes targets and budgets rather than individuals should be blamed for the loss of 25 million UK citizens' confidential records last year more

Former White House adviser talks mobile threats

Former White House adviser talks mobile threats

Security strategist Howard A Schmidt discusses whether mobile attacks are overhyped and what new risks have been introduced by virtualisation more

Security expert voices virtualisation concerns

Security expert voices virtualisation concerns

Mikko Hyppönen, chief research officer for security specialist F-Secure, claims virtualisation technology will have its own specific security threats more

Lord: No proof any data was lost from HMRC

Lord: No proof any data was lost from HMRC

Security expert Merlin, The Earl of Erroll, claims no evidence has come to light to prove data was actually lost in last year's HMRC missing-disc incident more

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:








Related Jobs

Backbone Network Engineer

Help design data centre installations and build-outs - Capacity planning - Troubleshoot a wide range of issues - Escalation point for network related ...

Linux Redhat Systems Administrator - Windows XP, Network Connectivity

You should have strong get up + go as well as good user communication skills + ability to influence SLA suppliers when required. You will be a Linux ...

HCM Business Transformation Consultant (Europe)

We help our clients to provide employees with the ability to find the right information, to connect to experts and to build effectiveness of non ...

Featured Talkback

What was achieved there is recognised to be of fundamental importance to both winning the war (Churchill visited to say 'thank you' to them) and the development of the computer. Maybe Bill Gates doesn't want to support this museum because it underlines where electronic computing started i.e. here, not the U.S.

By: 1000103773

Read full story:
Bletchley Park faces bleak future

Sentry Posts Blog

Mobile Security Expert: Your Camera Ph...

Mobile Security Expert: Your Camera Phone Got Hacked Author: Eric Everson, Founder MyMobiSafe.com Have you ever heard someone say “I’d like to be a fly on the wall in that room.”?... More

Post a comment

Skype - The Roach Motel

Here is an interesting article from The National Business Review, pointing out once again that you can never delete a Skype account. Never. Period. This is something I am familiar... More

Post a comment

The vPhone: Why Visa Should Go Mobile

The vPhone: Why Visa Should Go Mobile Author: Eric Everson, Founder MyMobiSafe.com With all of the success of Apple’s iPhone, there is a growing case to support a company like Visa... More

Post a comment

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers