Time to Shield Researchers
Research is the backbone of the security industry, but the legal climate has become so adverse that researchers deserve protection from lawsuits, SecurityFocus contributor Oliver Day argues.
Contracting for Secure Code
The availability of software security guidance, training, and tools hasn't made much of a dent in the number of attacks, says SecurityFocus contributor Chris Wysopal. Time to hold third-party software vendors accountable.
A plan by the Australian government to mandate that Internet service providers filter illegal and objectionable content is wrongheaded, but has the kernel of a good idea, says SecurityFocus contributor and attorney Mark Rasch.
Don't Blame the Browser
Attacks on Web browsers underscore that we need to get away from quick-fix remedies, such as security patches, and on to more permanent solutions, says Comodo CEO Melih Abdulhayoglu.
Resurrecting the Killfile
Blacklisting offensive or malicious content is not new, but most computer users are not availing themselves of this useful protection, says SecurityFocus contributor Oliver Day. Using a killfile of bad hosts -- or a whitelist of good ones -- can mean safer browsing and no additional software is necessary.
Time to Take the Theoretical Seriously
Waiting to fix security problems until an attack is in the wild or proof-of-concept code is published guarantees that customers will not be protected, argues SecurityFocus contributor Chris Wysopal.
The Drew Verdict Makes Us All Hackers
The four misdemeanors in the MySpace suicide case are perhaps the worst possible outcome, especially for security researchers and white-hat hackers, argues attorney and SecurityFocus contributor Mark Rasch.
MD5 Hack Interesting, But Not Threatening
When an international team of researchers unveiled the first practical attack on MD5-based digital certificates, they had decided not to disclose the issue to the company most affected, VeriSign. Tim Callan, vice president of product marketing for the company, explains how, four hours later, VeriSign had eliminated any threat.
Time to Exclude Bad ISPs
The takedowns of Atrivo, EstDomains, and McColo show that the system for policing hosting providers is weak. It's time to form a group, including security researchers, to set standards, says SecurityFocus contributor Oliver Day.
Standing on Other's Shoulders
While security researchers like to highlight their differences with academic investigators, they should start emulating their more staid colleagues in one important way: crediting others, says SecurityFocus contributor Chris Wysopal.