Whole Network Most Recent TOP10 CIO Outsourcing SaaS Security

« EDS bags Kraft foods IT... | Main | Extended Business... »

 

Interview with Security Officer of GM

Filed in archive Security by prashanth on May 01, 2006

Interview with Security Officer of GM

Computerworld has an interview with General Motors CISO (chief information security officerlinks), Eric Litt....His goal: present to the hackers his look at the problems large corporations face when dealing with software vulnerabilities -- and the manner in which they are disclosed and remedied.

Excerpts from the same:

Why is this issue of vulnerability disclosure practices so important to you? If you are a CISO, you really are stuck in the middle between a bunch of different constituents that are out there. You have the researchers and the academic folks and then you have the software vendors -- and we have to deal with the cards that get dealt to us. Somebody releases off-the-shelf software and it has got vulnerabilities in it. If those vulnerabilities don't get plugged, I have to deal with the fact that I have vulnerable code in my environment. Then we have people out there who are trying to figure out how to hack into an environment or to exploit a vulnerability, and they may be doing it for different ethical or nonethical reasons. And I have to try and protect my environment.

Microsoft has drawn a lot of criticism for its security failures. How do the other major vendors compare? I think Microsoft is an easy target, so people pick on Microsoft all the time. You can complain about Microsoft all you want, but you also have to recognize they have made significant investments, and I think they have made significant progress. They are still not where we want them to be, but they are significantly better. Then you start looking at the other people and say, "What kind of a job are they doing?" There was one who released 82 or 83 patches very recently. Not stellar, right? I am glad they were released, but on the other hand, you are talking core business systems here. With those kind of changes in the software, did they all happen to be discovered at the same point in time or were they just held back? And how long was I vulnerable that I didn't know I was vulnerable? So Microsoft is not the only one with this problem. And quite frankly, I think some of the other vendors are in denial, and they are the ones that worry me the most.

Prashanth Rai



Advertisement




Permalink: Interview with Security Officer of GM
Tags: Security  GM 

Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/21139



Related Entries:

ETrade Puts a Stake in the Ground But The Cost of End User... - 03 March 2005

Does Your Company Need A Chief Security Officer (CSO)? - 13 September 2005

Consolidation....IT Vendors - IDC - 13 December 2005

MySpace Hires Head Security Officer - 17 April 2006

EDS bags Kraft foods IT Outsourcing deal - 01 May 2006

Nissan goes with Hyperion - Consolidation Management Of... - 24 June 2006

Job Security: Be Flexible Like Gumby - 25 September 2007

Oracle To Release 27 Security Fixes - 13 January 2008

GEMoney Announces Security Breach Affecting Over 600,000... - 21 January 2008

Malware Authors Exploit Actor's Tragic Death - 23 January 2008

Advertisement


Advertisement


RSSrss   | See all blog subscribe options
Googlegoogle   |   What is RSS?
Yahoo!yahoo
AddthisAddThis Feed Button
BloglinesBloglines
Newsletter

Use our search feature to look for other interesting posts

Just this blog Whole network


 

  • Advertise with us

  • Learn more about our advertising options or email advertising - at - creative-weblogging.com or give Luis a call at +1 (650) 331 8047.


  • Testimonials

  • 'I don't really think you should keep testimonials from the last guy here, do you?'

  • Other blogs in the same channel in the Creative Weblogging Network







 

Find more recent entries from our other publications:

Nanotechbuzz

UK Raises Nanotech Health Fears

Introducing Nano-Link

Florida State University to Spin Off...

Nanotubes Punching Holes in Cancer

Transparent Waterproof Coating

HackITLinux

Hacker Installs Debian on a T-Mobile G1

Windows 7 vs. Linux

Introducing Intrepid Ibex

Picasa bumped up to version 3

Broadcom WiFi drivers

On Storage

Sun Intros Unified Storage Appliances

SpiderOak Releases Version 2.0

LaCie and Carbonite Partner to Offer...

IBM - on the move with solid state...

Storage industry - reshaping Overland...

P2P File Sharing

BitTorrent Cuts Staff, Will Close...

Fung Asks B.C. Supreme Court to Rule on...

Introducing UK Music

Textbook Torrents closes

Vuze 4.0 to be released

Java Entrepreneur

Sun and Microsoft Partner on Search

Sun Intros GlassFish Enterprise Server...

Nokia Enhances SNAP Mobile SDK

SOAP to get rest with REST

MySQL Co Founder plans to quit since...

The VoIP Weblog

Comcast, Time Warner Top Keynote VoIP...

Raketu Intros Version 3.0

Ooma Adds New Features

Sponsored Post: AutoMAID Ultra Green...

So you want VoIP in you Call Center

RFID | kinkaa - the meta travel search engine for Europe. Find the cheapest flights, cheapest hotels and best rental cars from hundreds of providers instantly.

About the company | Advertise with us | Disclaimer | Privacy Policy | Refund/Return Policy

All Creative Weblogging sites are built in accordance with the Google Webmaster Guidelines and IAB guidelines.

Tagcloud: CIO Data Storage Enterprise Hardware Enterprise Software Events General Help Desk And Support Integration Software Management Market Perturbations Networking Offshoring Outsourcing SaaS Security SOA Sponsored Posts The Cloud The Vision Thing Virtualization