Vendors: We don't need no stinkin' patches!
Sometimes IT managers must feel like they're stuck in a constant remake of The Treasure of the Sierra Madre, where a crook tries to trick Humphrey Bogart into believing that he is actually a respectable authority figure. You know the famous scene where the Bogart character asks to see a badge as proof and the bad guy responds:
"Badges? We ain't got no badges. We don't need no badges! I don't have to show you any stinkin' badges!"
Well, that's the case with IT vendors who constantly churn out software that is not secure and, when the vulnerabilities are discovered, fail to patch them. Vendors ain't gonna show you no stinkin' patches, at least not anytime soon. IBM's annual X-Force analysis of software vulnerabilities reveals that of all the new software holes discovered in 2008, less than half have been patched by the vendors.
According to Georg Hess, CEO of Art of Defense GmbH of Regensburg, Germany, these are not exotic or new vulnerabilities. They're the same old cross-site scripting, SQL-injection, broken session management and other everyday flaws.
These are problems that programmers today should never introduce into their applications. Yet, they still do. And when found, the vendors should know how to quickly fix them. But they don't.
That's why Hess is bringing Art of Defense into the U.S., which, as the largest IT market in the world, has the greatest need for security systems. He says his company is making its North American splash this week at the RSA Conference in San Francisco by making its HyperGuard security software available. It will also begin offering the HyperGuard tool in a software-as-a-service mode.
Hess says HyperGuard protects Web applications from attacks on unpatched vulnerabilities by understanding what unpatched flaws exist in your infrastructure, detecting attacks targeting them and either blocking them or alerting you to the problem. Hess says that some small businesses will risk getting an alert instead of stopping a perceived attack "because small businesses are afraid of losing valid traffic."
Given the sorry state of vendor patching, Art of Defense and HyperGuard may have a long and profitable opportunity in the United States.

