Net Might Need Help From Feds

By Jim Rapoza  |  Posted 2002-07-08 Print this article Print

We need something. The current situation clearly isn't working.

There hasnt been a lot of good news on the Internet security front lately. Major security holes have been found in popular commercial and open-source applications, security software companies have been failing, and many businesses are cutting back on security staff and implementations.

Of course, all this is coming at a time when Internet security is more important than ever, both in its status as a core element of the economy and in its susceptibility to attacks from hostile entities. These trends have been enough to make me question some of my core beliefs in how security works.

Traditionally, Ive supported the way security companies and researchers have handled vulnerabilities. When a problem was found, they worked with vendors to announce and fix the problem; when a vendor resisted this process, the researchers carefully released information in conjunction with trusted entities such as CERT.

However, in the current environment, cracks are appearing in this structure. Some security companies are more concerned about PR and drumming up business than about doing the right thing. Software companies continue to fail to release secure code. All this is putting more stress on security administrators, who are seeing their staffs cut and their salaries fall.

These events make me consider something I would have recently been very much against. Maybe it is time for government to step in and help clean things up, preferably in a vigilance and peace-keeping mode, rather than in a regulatory mode.

Right now, the Internet is in what John Locke called the state of nature, where anyone can take from and damage those who cant protect themselves. According to Locke, the main role of government is to protect citizens from this kind of environment. We need something because the current situation clearly is not working.

Is there a remedy the government can provide for Net security? Let me know at

Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel