High-tech workers have
responsibility to question security flaws
August 20, 2004
High Tech Careers
We all know about the
numerous security holes of Microsoft Windows and its associated programs,
such as Internet Explorer. We all know inherently that relying
on any one company or technology leaves us vulnerable to large scale attacks.
Still many of us, as high-tech workers and consultants, continue to use
and promote these products in our work. At what point does our reluctance
to change turn into culpability?. If we know these products to be flawed,
why aren't we searching for better alternatives? Are we really doing the
best work for our clients or are we simply trying to make it easier on
Nothing is 100% secure
The truth is, Windows isn't the only security problem on the block. Router
firmware allows crackers to alter settings and remotely control denial-of-service
attacks against others. Email software allows the propagation of viruses
and SPAM. Within a few months we might even be experiencing viruses and
worms that infect our cell phones. Still, some security is better than
none at all and, at last, some manufacturers are finally addressing security
as a major concern.
For me, the best security and reliability come from a diverse computing
environment. Instead of standardizing on Windows XP with Internet Explorer,
why not introduce a few Macs here, a few Linux boxes here. Why not give
your clients an opportunity to use Firefox or other web browsers? In this
way, one virus, one worm, one attack will not put all your computing resources
out of business. Diversity such as this, combined with vigilant security
practices on the part of both manufactures and users, can yield a robust
computing environment that is resistant to problems.
Holding everyone responsible
There is another good reason to have software and hardware alternatives
in your stable of computer systems. The best way to demonstrate your concerns
about software security is to cease using a product until security issues
are resolved to your satisfaction. "Voting with the pocketbook",
when combined with complaints via phone or mail, is one of the best ways
to make your concerns known. The truth is, if user concerns don't effect
a company's bottom line, they will not dedicate the time and energy needed
to secure their systems. If you want to change, you have to lay the groundwork
on your end, so that you have the freedom to switch whenever a vendor
is not serving your needs.
So, what does this mean to manufacturers? This means that we, as purchasers
and users require that exploits be fixed in days, not weeks or months.
We should require immediate notice of security issues and be provided
with immediate work-arounds until a fix is available. We should expect
that security will be an integral part of every software or hardware project.
Further, security issues should be part of the very fiber of the product.
It should be a consideration from the initial proposal to the final product.
Manufacturers who fail to deliver on these goals will find their market
share diminished and their profitability effected in ways they can only
The power to hold companies directly responsible for their products is
in our hands today. We only need to the forethought and the courage to
see the path. When we take the time and energy necessary to protect our
systems and set reasonable security guidelines for the products we purchase,
it will benefit everyone.
As security becomes more and more an issue in our purchasing decisions,
manufacturers will continue to improve. We owe it to ourselves, and our
clients, to push these issues as far as possible. While 100% security
is probably a pipe dream, systems which are secure should be the norm,
not the exception. The era of "security as a second thought"
is gone. We no longer have the luxury of ignoring security issues, if
we were ever able to truly ignore them in the past. It is up to us, the
high-tech workers who make everything happen for our clients, to clearly
state our goals and our needs. Then we must push manufacturers to deliver
on those needs in a meaningful fashion. Otherwise, we should vote with
our pocketbooks and look elsewhere for our high-tech solutions.
Get your copy
Available from CafePress.com