Net Might Need Help From Feds
We need something. The current situation clearly isn't working.There hasnt been a lot of good news on the Internet security front lately. Major security holes have been found in popular commercial and open-source applications, security software companies have been failing, and many businesses are cutting back on security staff and implementations. Of course, all this is coming at a time when Internet security is more important than ever, both in its status as a core element of the economy and in its susceptibility to attacks from hostile entities. These trends have been enough to make me question some of my core beliefs in how security works.
Traditionally, Ive supported the way security companies and researchers have handled vulnerabilities. When a problem was found, they worked with vendors to announce and fix the problem; when a vendor resisted this process, the researchers carefully released information in conjunction with trusted entities such as CERT.