Friday, October 12, 2007

Scathing, Scathing Critique of Application Security

A fun read - "Why does forum software has more security features than “enterprise” tool chains?"

Quote: "I am constantly amazed by the sheer lack of security in the average “enterprise” tool. I’ve looked at many over the years, and most are designed to the “soft squishy center” anti-security model. Typically:
  • Accountability is simply missing. Yes, many systems have logs, but they are business irrelevant. My personal view is that if a business person doesn’t care about a log entry, it’s not worth collecting. Accountability is the key here, not 1 GB of logs per day"
Indeed, the world of applications is ... scary!

Dr Anton Chuvakin