The Levels Of Trust When It Comes To Documenting Security Flaws

If you are just a user of the computer and the internet, the whole system can seem very solid, as if nothing can harm it. But if you help to maintain systems on the internet or you create web sites, then you probably think of the web as fragile. When you are on the outside looking in, you have no idea of what it takes to make the whole thing work. Even if you have a business on the web or you write and create content for the web, unless you are actually behind the scenes creating the site you still do not get a good idea of how complicated it can all be. But if you work behind the scenes creating web sites or making sure that everything is secure, then you know firsthand how a wrong move can bring it all down.


To make the internet as efficient as it is now, you need many levels of co-operation. The web as a whole is global, so it cannot be run by just one company or one government on the assumption that everything will be OK. These different entities need to be able to work with each other so that the internet can stay the same entity that it is now. But even when everyone has the best interests of the web in mind, co-operation can still be muddled and everything might not work out according to plan.

This is what you see when it comes to the sharing of security problems on the web. We all know that there are security holes all over the internet right now. That is what happens when you use software that is created with millions of lines of source code. It becomes very hard to maintain and you start to get flaws that the bad guys can use as a way to get into the system.

Security companies

So to stop this from happening we have security companies whose main focus is to try to protect us from the threats that are out there. Some of the security companies are the creators of software tools such as antivirus and internet security programs. Other security companies have people who will go into your office building and test out your network right on the spot (penetration testers). They will see if they are able to get in, and if they are, they will tell you what you need to do in order to protect yourself. It is almost like having a burglar break into your home and then, after he does it, tell you everything that you need to know in order for it not to happen again. All of these security companies share the same goal: they are trying their best to protect the end user.

But sometimes these security companies find a flaw that no one else knows about. This happens a lot because most of these security companies have research staff whose only job is to try to find vulnerabilities in different types of systems which can be exploited. So if the security company is able to find the vulnerability and no one else is, what happens to the people who are using the protection software of the other companies? Well, most of the time they end up protected as well. They are protected because these companies usually share any vulnerability that they may find. It is in everyone’s best interests for protection software to work, so you try your best to keep competitors and the company which created the software informed. But these companies do not do this in an open forum. They try their best to keep the process a secret, because if they do not, and the bad guys are able to get their hands on the vulnerability before it can be either patched by the vendor or have a vulnerability signature written, that leaves a lot of systems out in the open. And when people become infected, they are going to blame the protection software more than they are going to blame the actual culprit.

Security holes

But when you have a system like this you still have to worry about holes in it. The bad guys will try their best to get any information that will give them a leg up, including paying someone on the inside to get it. There are millions of dollars at stake, and that means they will pull out all the stops. While this type of vulnerability sharing is effective, it does have drawbacks that you have to worry about. But that is what happens when you have any system that has to rely on a large number of people.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
