Wait, what?

>By analyzing publicly available federal spending and security breach data, the
>researchers found <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2933577>
>that a 1% increase in the share of new IT development spending is associated
>with a 5% decrease in security breaches.
>
>"In other words, federal agencies that spend more in maintenance of legacy
>systems experience more frequent security incidents, a result that contradicts
>a widespread notion that legacy systems are more secure," the paper found.

Um, no, that's exactly the opposite conclusion I'd draw from the first sentence. Unless maybe by "new IT development spending" they mean "rewriting stuff". But that still doesn't support the latter sentence; the two aren't connected, aren't mutually exclusive.

And here's a hint: rewriting the stuff you know is busted/insecure might well be expected to result in a decrease in security breaches, and doesn't mean you're rewriting the COBOL et al.

> "Maybe the conventional wisdom that legacy systems are secure could be
> right," said Pang, in an interview. But the integration of these systems
> "make the whole enterprise architecture too complex, too messy" and less
> secure, he said.

So...maybe, but maybe not? Sounds like someone wants more grant money!

Maybe (probably) the paper itself is more coherent, and I realize this was The Onion--I mean, ComputerWorld--but surely someone could have read the article before they published it?!

...phsiii
