Crowd Sourced Quality Assurance

No Security, No Safeguards, No Service

It has been a while since my last post, so let us catch up on some very interesting trends that have been gaining momentum.

Since we last met, there have been a number of interesting events in the industry.

A number of high profile folks have been scanning the entire Internet, and documenting the results

Standards increasing requirements for the disclosure and remediation of security vulnerabilities

Browsers and web-portals are now remotely and aggressively blocking plugins

A string of major companies have announced internal compromises

Let us take a moment to digest that information.

We have a growing amount of unmoderated bulk scanning of the internet taking place, we have standards groups moving to require responsible disclosure and remedation, and we have controls clamping down on the portals to the Net.

The future is clear.

If you require the Internet in order for you to do buisness (yes, that is most of you), then you are going to find yourself starting to proactively address security conserns in short order.

It took only minutes for researchers to discover and communicate the compromise and hosting of malware at NBC's websites; the sites was blocked and filtered shortly after. It took hours for NBC itself to announce and remediate the problem.

How much buisness would you like to do this year?

How many hours of downtime can you afford to loose?

It's no longer a case of Hackers directly taking you down with a DDoS or defacement.

Instead, your customers will now see the roads to your front door closed or detoured by the major gateways on the Net.

When building out you infrastructure, remember to aim for a Defensible Network Architecture; Don't fall victim to the fallacy of the 'Internal Network'