DHS has just released a list of the 25 most common online security problems. It’s part of a greater campaign aimed at educating the general public about where the bad guys are trying to break in and how to fix those problems before that happens.
Security is on a lot of minds lately, in response to some very high-profile attacks on corporate and government websites. We talk to Bob Martin of the Boston nonprofit technology consulting group MITRE. Martin led the project and says programmers aren’t up to speed. “It’s not really their fault. It’s that we were never educating them about the kinds of things people can do to their code, how they can misuse it.”
Martin offers an analogy for the way sites have been built and maintained: “Think back to how many houses had lead paint on them before we realized lead paint was not a good thing.”
As for the potential fixes, Martin says they can be a resource for developers: “If I look at a painted wall, can’t tell if it’s lead or not. Same thing with these kinds of issues. They’re actually pretty hard to recognize.”
We also talk to Alan Paller of the SANS Institute, which helped launch this project. He says when a site is unstable, it creates a massive security and privacy risk for regular people. With this new program, Paller sees a future where you may be able to look at a security score before you browse: “Once there’s a scoring system, there will be a systematic way of finding out whether these sites have the simple errors. And we’re counting on people to publish rankings of these sites so that users have a knowledge about what to do.”
Also in this program, e-reader ownership is booming. But e-readers might disappear anyway.