Readers Respond: Act as if You Care About Security

Readers respond to the eWEEK editorial, "Act as if You Care About Security."

Peter Coffees Epicenters column, "Act as if You Care About Security," was one of the best—if not the best—articles I have read on the subject of protection of assets (May 29). His line, "If you dont protect your assets, the law may do no more," is so very true.

I was asked to perform a security survey soon after retirement from the government. The report was not well-received, and the person asking for the survey was rebuked—by the same supervisor who [commissioned the survey in the first place]. That was back in 1991. Things always seem to stay the same.

The security community needs stirring up real good.

William J. Warnock
Supervisory Security Specialist
Court Security Division
U.S. Marshals Service (Retired)

Peter Coffees May 29 Epicenters Column, "Act as if You Care About Security," makes a very valid point about the consequences of ignoring common practices—one that can also be extended to source code access control.

With more than 500,000 instances of Reflector, Java decompilers and other free source code extractors for .Net and Java out there, releasing .Net and Java applications without obfuscating them is tantamount to distributing the source code.

For many, this is not an issue (and might even be a benefit); for those who have embedded [intellectual property] or do not want to make it especially easy to probe an application for vulnerabilities, not obfuscating is like leaving your keys in the car, not locking your front door and so on.

Sebastian Holst
Senior Vice President, Sales and Marketing
Preemptive Solutions
Mayfield Village, Ohio