Gartner Blog Network


Another Security Dot Dot Dot Friday

by John Pescatore | May 14, 2010

Today’s the final flight of NASA’s Atlantis Space Shuttle. While we never did get anything like Tang out of the space shuttle program, NASA did force space shuttle software developers to move up in the software Capability Maturity Model Integration levels – we never seemed to have a major software glitch in the shuttle program, and I don’t think any of the astronauts’ credit card information got stolen…

Speaking of mature software development processes, Cigital released an update to their Building Security In Maturity Model, which I posted about here. Good to see Adobe, EMC, Intel, Microsoft and Nokia on the BSIMM advisory board…

On the not-so-secure software front, looks like Facebook’s CEO is trying to have a Bill Gates 2002 moment and change Facebook’s DNA to make Facebook see privacy of users’ information as a major feature, vs. as an obstacle to selling advertising around their information. I’m skeptical of advertising-supported IT being able to change its DNA, but I’d certainly like to see Google, MySpace, Twitter et al make security and privacy Job One…

That uneasiness about advertising-supported IT is why I sort of got the willies when I read that Android smartphones outsold iPhones in the US in 1Q2010. Now, Apple is certainly not an enterprise vendor, but it actually does sell IT, vs. advertising, for a living. It seems like just yesterday that all I ever heard was “They want to use iPhones” and already it’s “They want to use Android phones”?? Actually, the reality of the consumerization of IT is that it will always be “They want to use the newest toy that was just on TV”…

Of course, IT groups have always had new toy-itis – We have to use DCE! We have to use object-oriented yada yada! Process control systems must move to Windows! .Net! Service-oriented, enterprise service bus, cloud-based, business process driven, lemon-freshened…

Now, security groups do often seem to go to the other extreme – Why can’t you just play with these nice safe Legos? You don’t need a new Wii game, our old Atari works just fine – Pong is a very safe game. I know – let’s show the user their last login time and then blame them if they don’t notice someone used their account. That worked fine in the old TSO days…

Maybe that’s why a good number of security folks seem to be ham radio operators (I’m K3TN) – if Morse Code is good enough for us to communicate with, who needs these newfangled smartphones anyway?? Congratulations to W7HAS, Cybersecurity Czar Howard Schmidt, on being appointed to the ham radio CQ Hall of Fame.

John Pescatore
VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems…

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.