Imho, it is sometimes easier to use technology to 'cover up' and address threats arsing from human mistakes and foibles via automation, rather than try the 'educate and proceduralise everything' approaches. e.g. - coding mistakes - configuration mistakes - lax patch management - poor password choices - opening/running malware - exec/mamanegment directing poor environment security onto IT teams - dis-affected employees and users/customers - <insert your favourite security errors here>
Lyal -----Original Message----- From: Nick Murison [mailto:[EMAIL PROTECTED] Sent: Thursday, 30 June 2005 1:09 AM To: [EMAIL PROTECTED]; [email protected]; [EMAIL PROTECTED] Subject: The biggest thing affecting software security? People, apparently. Hi all, www.threatsandcountermeasures.com just closed their poll on what people thought was the biggest thing affecting software security. The results were: People: 80.3% Process: 18.2% Technology: 1.5% Results also available from www.threatsandcountermeasures.com/PastPolls.aspx. If this is the case, then why is there such a huge financial investment in security technology? Is the human factor expected to magically improves once we've got the "right" technology? For our new poll, Threats and Countermeasures are asking what people consider to be the more secure web application development platform; JSP, PHP, ColdFusion, ASP.NET or old-skool CGI. Best regards, -- Nicholas John Murison ~~~~~~~~~~~~~~~~~~~~~ http://www.urgusabic.net
