From eWEEK:


July 31, 2002

Clarke Lambastes Software Industry

By Dennis Fisher

LAS VEGAS—The government's top information security official sharply criticized the software industry, ISPs and the government itself for a lack of commitment to security. Saying that the current climate demands more and better security, Richard Clarke, chairman of the President's Critical Infrastructure Protection Board (PCIPB), said it was time for a change.

"The software industry has an obligation to do a better job producing software that works," Clarke said in his opening keynote speech at the Blackhat Briefings security conference here Wednesday. "It's no longer acceptable that the number of vulnerabilities identified goes up every year."


Clarke's comments drew cheers and applause from the audience, an eclectic mix of security professionals, hackers, federal officials and academics.

He cited Microsoft's Trustworthy Computing effort as a step in the right direction, but said that vendors as a rule need to write better quality code.

"We also need an improvement in the quality of software engineering. It's clear that what we're doing now isn't working," Clarke said. "I welcome Bill Gates' pledge, and I will hold him to it. I think we should ask other vendors to do the same thing."

Clarke's comments were part of a preview of PCIPB's forthcoming national cybersecurity strategy, which it will unveil Sept. 18 in Silicon Valley. The document will address security problems in several key market segments, including banking and finance, chemical manufacturing, IT and education. Clarke singled out several industries as bearing the lion's share of responsibility for the current security problems facing the country.

He was particularly critical of vendors who sell wireless LAN gear and ISPs. Citing the Department of Defense's recent decision to turn off all WLANs in its facilities, Clarke said other organizations should do likewise until there are better methods for securing these networks.

Clarke lambasted ISPs for failing to alert consumers to the dangers inherent in having an always-on broadband connection.

"Every ISP that offers broadband ought to be offering a firewall," he said. "If you ask ISPs off-the-record why they don't, they'll tell you it's too expensive and they want broadband to be cheap. So they want to make it cheap for people to be hacked."

During his speech, Clarke also emphasized that he was not satisfied with the government's participation in the process of securing the Internet, but made clear that he had no intention of pushing for government regulation in this area.

"I don't want the government controlling regulating the Internet, but there has to be a middle ground where the government doesn't walk away," Clarke said. "Whose responsibility is it to think about the health of the Internet? It's all of us, but the government has a responsibility too."



