Don’t put all your eggs in one basket
Looking over this week’s US-CERT Vulnerability Summary, I’m reminded why we shouldn’t put all our eggs in one basket.
There are numerous vulnerabilities in security products! Sweet.
This reminds me of when a colleague PWNED a server of mine by trojaning Symantec’s updater! Imagine that. Antivirus trojaned…
Defense in depth is key. Have redundancy where needed. And don’t believe the marketing hype.
The swath of SQL injection vulnerabilities I can handle. Much of that code is written by users who have no interest in secure software.
Security product vendors have much more to lose. Who’s going to buy a product from a vendor with a seriously weak security history?
Perhaps that’s why Microsoft’s tools are free…
Bill