Software Industry Blasted for Security Lapses


Software Industry Blasted for Security Lapses 10:05 a.m. ET (1505 GMT) March 9, 2000

WASHINGTON: A top cyber security expert blasted software developers Thursday for marketing flawed products that he said boosted the Internet's vulnerability to high-tech hacker attacks.

"There is little evidence of improvement in the security features of most products," said Rich Pethia, director of a federally funded computer emergency response operation at Carnegie Mellon University in Pittsburgh. "Developers are not devoting sufficient effort to apply lessons learned about the sources of vulnerabilities."

Pethia made his comments to a congressional panel looking into the so-called denial-of-service attacks that disrupted access to popular Web sites last month for a few hours at a time.

He said his organization, which responded to more than 8,000 computer security incidents last year, up from 132 in its first full year of operation 10 years earlier, had found the same types of security defects in newer versions of products as in earlier ones.

"Technology evolves so rapidly that vendors concentrate on time to market, often minimizing that time by placing a low priority on security features," he said in a statement to a subcommittee of the House Committee on Government Reform.

The alleged lack of urgency in plugging such cracks is unlikely to change until customers demand products that are more secure, Pethia said.

Pethia did not criticize any companies by name in his prepared statement to the panel.

http://www.foxnews.com/vtech/030900/cyber.sml

-- Martin Thompson (mthom1927@aol.com), March 09, 2000

Answers

This is hardly surprising. The IT industry, with Congress's help, has driven out the vast majority of experienced programmers and analysts in order to keep wages down and increase the industry's already windfall profits. The IT industry replaced these highly experienced technicians with indentured H1B visa workers and inexperienced college students. According to a recent article in the Washington Post, 40% of current IT workers are eastern Indian (http://www.washtimes.com/world/news3-02252000.htm). According to another recent article in the Baltimore Sun, many of these people are basically slaves (http://www.sunspot.net/cgi-bin/gx.cgi/AppLogic+FTContentServer?section=cover&pagename=story&storyid=1150230205566).

Additionally, the H1B program has succeeded in locking out native-born minorities (such as African-Americans) and women from the high tech field. A new study by the U.S. Department of Commerce reports that only 9 percent of engineers, 26.9 percent of systems analysts and computer scientists, and 28.5 percent of computer programmers are women. In 1984, 37 percent of computer science degrees went to women; by 1998, that number was 16 percent. Why would any young girl want to study IT in school so that she can be forced out at age 40 (or less) because the wealthy IT industry's soft money paid for passing special interest legislation like the H1B?

A great site for getting the true facts concerning the so-called "high tech labor shortage" is: http://heather.cs.ucdavis.edu/svreport.html

Documentation supports that these companies routinely only make offers to 2% of their applicants, hardly a shortage scenario. Instead, they seek to maximize their profit by hiring inexperienced slaves and then they sell the consumer a defective product. And our government allows them to do this!

-- K. Nolan (infosurf@yahoo.com), March 09, 2000.
