You are all missing the point of the article. Not only do I agree with the points made, I'll further the argument. Several posters have touted how their organization wasn't affected, well your not exactly right. The Internet as a whole was affected. Now that the telecom and American businesses have forced labeling the Internet as critical national infrastruture these viruses pose a threat to American National Security (not my words, talk to attorney general). Additionally, several telecom voice and data service networks were impacted by these little outbreaks (I don't think its any secret that the number of dropped calls increased). Furthering the agument that yes, you were affected by the virus even though your little isolated island was patched, prim, and proper.

So the point of the artical is to open peoples minds to the fact that patching your own systems is not enough. All systems including consumers, must be "fixed". Level your sites on the companies (plural) that release weak code and hit them where they will feel it, directly in the pocketbook. Don't try to justify fines against the microsofts of the world, but just stop collapsing under the pressure of the jugernaut to upgrade to the latest and greatest gee wiz package on the market. One of the other posters mentioned that we must continue to do our job, well that includes writing standards and requirements that force security checks through testing and certification processes. Apply security focused influence on vendor and software purchasing selections. Remember its your money, just stop spending it.

Where I disagree is letting government lead the charge against this problem. Government is usually distracted by lobbies and the protection of big business to complete regulation, legislation, or guidence that actually solves any problem with sensibility.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/185/22328#22328