This article is more than 1 year old
Vixie on net security woes
The solution to the planet's endless online security problems is to quit adding more technology to the mix.
That's according to the CEO of Farsight Security and one of the internet's early pioneers, Paul Vixie, who has written a blog post telling people to "stop trafficking in black boxes and magical thinking."
The problem, according to Vixie, is that rather than build up in-house understanding in the technology that companies have and run, they spend those resources paying third parties to install yet more technology to patch holes. The result: more holes.
The problem stems from the militaristic way that companies assess risk and resource allocation when it comes to security, the post argues: an approach that simply doesn't work online.
He proposes instead that companies budget for three times the cost of purchasing new technology and put the extra money into training staff, auditing existing systems and integrating new systems with old ones.
"A defender may get more advantage from turning off old unpatchable systems than by buying a new firewall," he notes. ®