Security, 1994-2004: Then And Now

Security, 1994-2004: Then And Now
Daniel Hanson, 2004-10-20

Comparing the state of security in 1994 versus 2004, has anything really changed over the course of ten long years?

Expand all | Post comment

Security, 1994-2004: Then And Now 2004-10-20
tbird@precision-guesswork.com (1 replies)

And what those all have in common... 2004-10-25
Roger

Security, 1994-2004: Then And Now 2004-10-21
elmurado

Security, 1994-2004: Then And Now 2004-10-21
CR

Security, 1994-2004: Then And Now 2004-10-21
Saphire

Security, 1994-2004: Then And Now 2004-10-24
David Prinzing

Security, 1994-2004: Then And Now 2004-10-25
Tisca774

Security, 1994-2004: Then And Now 2004-10-25
Anonymous#1

Security, 1994-2004: Then And Now 2004-10-25
Mene Tekel

The main difference I see is that security no longer is a state of mind, as it was back then. These days, security is an off-the-shelf product that you slap on to your system, or downloadable vendor patches. It's not even up to the sysadmins to decide on security changes -- it's done the corporate way, with security as a product, only to be obtained from a vendor.
The average 2004 sysadmin is blissfully ignorant about how his or her systems really work, and won't examine or fix security problems, as that's as likely to get him fired as anything.
Where this becomes a big problem is with in-house software, which has a MUCH lower quality level today than in 1994, when it often was coded by the admin who ran the system, or at least was examined and tested by someone who understood the environment and security.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/272/28846#28846

Security, 1994-2004: Then And Now 2004-10-27
Anonymous