Wednesday, December 30, 2009

Every Software Vendor Must Read and Heed

Matt Olney and I spoke about the role of a Product Security Incident Response Team (PSIRT) at my SANS Incident Detection Summit this month. I asked if he would share his thoughts on how software vendors should handle vulnerability discovery in their software products.

I am really pleased to report that Matt wrote a thorough, public blog post titled Matt's Guide to Vendor Response. Every software vendor must read and heed this post. "Software vendor" includes any company that sells a product that runs software, whether it is a PC, mobile device, or a hardware platform executing firmware. Hmm, that includes just about everyone these days, except the little old ladies selling fabric at the hobby store.

Seriously, let's make 2010 the year of the PSIRT -- the year companies make dealing with vulnerabilities in their software an operational priority. I'm not talking about "building security in" -- that's been going on for a while. Until I can visit a variation of company.com/psirt, I'm not satisfied. For that matter, I'd like to see company.com/cirt as well, so outsiders can contact a company that might be inadvertently causing trouble for Internet users. (And yes, if you're wondering, we're working on both at my company!)
