Saturday, October 11, 2008

Does vulnerability exposure scare common people?

Microsoft, Apple, Adobe and many other well known organizations have been developing Operating systems, software’s, tools, etc. that has been releasing rapidly filled with fun and bugs. These bugs are threats when they become security vulnerabilities. Security community and its users have always been aware of such vulnerabilities ever since the release of products. This has now expanded and common people are now getting access to such information and updates on threats and preventing them. It is good to have such an exposure for everyone to understand reality, though do these scare them too.

Common people who are unaware of the reality that they are “not” secure might put in all the information in certain places where they are not supposed. People exposing their info in public websites have been one level of threat and can be controlled through awareness training. Though, it is impossible to expect every man and woman in this world to become security analysts of their own computer. Are they really secure? Do they know that if they have confidential documents in their system that is still not secure? Are they aware that anyone and everyone can see what they see on their browsers? Are they sure which site to access and which ones not to?

Well, the easiest answer to all these questions is “NO”. Wouldn’t, educating common people with vulnerability info, PoC’s and exploits cause panic among them? Wouldn’t this make them feel that they are better off without a computer, rather than having one and become a popper in spending on software, and later in securing the software that sits on their system? Well, is it good to call such vulnerabilities as features (many big companies call their vulnerabilities as features)?

Think, think, think… keep thinking…

- EF

No comments: