2008: The security wishlist

Summary:There's no sense in making predictions in the security space. There will be more creative attacks and vulnerabilities will multiply at a rapid clip.

There's no sense in making predictions in the security space. There will be more creative attacks and vulnerabilities will multiply at a rapid clip. Meanwhile, unsuspecting (or just plain stupid) users will enable hackers. All of those items are a given. But we can outline a few items that sure would be nice to have.

Here's my wish list for 2008:

A new QuickTime. Let's face it QuickTime is a sieve when it comes to security. Meanwhile, QuickTime is everywhere. Add it up and Apple has two choices: Keep patching QuickTime in an effort to keep up with flaws. Or rebuild QuickTime. Instead of patching QuickTime repeatedly Apple should launch a do-over. New features? Who cares? Just make QuickTime secure.

Take Web 2.0 security seriously. Shared APIs are great. Social networking features are wonderful. There's a lot to like about Web 2.0. But as these technologies make their way to the enterprise these composite Web apps will have to become more secure. IBM is pondering the policy implications for so-called Enterprise 2.0. You should too.

End the monoculture. Every IT shop out there should incorporate one word into its strategy: Diversify. In an effort to cut costs, find one throat to choke and simplify infrastructure technology managers are using fewer vendors (Microsoft, Oracle, SAP). What happens if this core software is hacked? The problem with monoculture is most evident with Windows. Diversify your operating systems. Sprinkle in Linux and Apple OS X along with Windows. Are the maintenance requirements more complicated? Possibly. But there are security benefits to be had.

Real penalties for data breaches. 2007 was the year of the data breach and TJX was among the headliners. TJX took a nice sized financial hit, but Wall Street largely gave the company a pass. Same store sales also held up so it's not like customers fled the retailer. This scenario plays out repeatedly. The current state of affairs has to change. I hate to say it but regulation may be the answer because executives just don't take protecting consumer data seriously--unless there's a breach of course. The costs associated with data breaches are on the rise, but by not enough to change behavior.

PC makers focus on security vulnerabilities in software updates and crapware. HP has been taking its lumps over flaws in its Software Update feature embedded on laptops. Memo to Dell: Get ready, you're next. Hackers will increasingly target hardware makers, which bundle in more and more software to automate customer support and gain slotting fees from software companies.

Topics: Software, Hardware, Hewlett-Packard, IBM, Mobility, Security

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.