When legitimate security researchers notify technology vendors about security flaws in their technology, the best thing that the vendor can do is to welcome the information with open arms. When a vendor reacts with hostility, it appears as if the vendor is attempting to quash the security research instead of resolving the vulnerabilities identified by the research. While the hostile reaction is usually an attempt to “save face,” it usually does the opposite and sends a dangerous false message to the vendor’s customers. That message is “We care more about saving face than we do about your security.” On the other hand, vendors that work with security researchers in a positive and friendly manner send the message that they “care about the security of their customers”. This Forbes article contains key examples of “Software Bug Blowups”; in fact, it even covers the SNOsoft + HP + DMCA fiasco that happened back in early 2000.
As the list of nations claiming they were targeted by Internet attacks emanating from China continues to grow, the world’s most populous country has turned the mirror back on other governments.
In statements made in the Chinese Cadres Tribune, Vice Minister of Information Industry Lou Qinjian claimed that the United States and other “hostile” governments were attacking China’s infrastructure, according to a news report carried by wire service Reuters. Lou recommended a collection of new measures to combat the attacks, including “toughened censorship, new security bodies and commercial controls,” stated Reuters.
For all of you who wanted “proof” about the cyberwar between China and the US, here’s an article for you. Unfortunately, I think that China is in a better technological position with their “Golden Shield” firewall than we are with our ad-hoc Internet infrastructure, specifically if you consider that “Golden Shield” is rumored to be IPS capable.