WHITE PAPERS SPONSORED PROFILES JOB BOARD WEBINAR CENTER FREE SOFTWARE BZ RESEARCH ALMSHAREPOINT EVENTS CALENDAR PRINT/PDF EDITION PRINT/PDF BACK ISSUES

SUBSCRIBE TODAY CUSTOMER SERVICE EDITORIAL BEATS GUEST VIEW GUIDE SD TIMES 100 GUIDE EVENTS CALENDAR ADVERTISING ARTICLE REPRINTS REPORT A BUG SITE MAP

ABOUT US BZ MEDIA NEWS BZ RESEARCH NEWS ON MONDAY SPTECHREPORT SPTECHWEB SPTECHCON IPHONE/IPAD DEVCON ANDROID DEVCON PRIVACY POLICY CONTACT US

HOME >> ZEICHICK'S TAKE

Zeichick’s Take: Securing the data

By Alan Zeichick

December 19, 2011 — Whose fault is it when data is stolen? It’s rarely blamed on the programmers.

If a company executive leaves a laptop filled with confidential data in a taxicab, you probably wouldn’t blame a software developer. Instead, you’d presumably ask, why was that data on the laptop to begin with? I’ve often wondered why corporate executives have access to customer card information in the first place, and why security policies allowed such data to be downloaded to any end device, especially a not-locked-down laptop. But you wouldn’t blame the programmers.

If an unencrypted data backup tape disappears en route to a secure offsite facility, you’d yell at a sys admin, not at a C++ coder. “Why wasn’t the data encrypted?” you’d want to know. “How could it be written in plain text?” That’s the fault of the backup software, or again, security policies—not the programmer who wrote the applications whose data is being backed up.

Now, whom do you blame when hackers violate credit-card terminals? My family’s local grocery store—a Lucky store in Millbrae, Calif.—was recently penetrated by so-called skimmers, who tampered with in-store card readers and grabbed up to 500 customers’ credit card numbers. As far as we can tell, our credit card wasn’t compromised, but you can trust that we’ll be scrutinizing the Visa bill extra closely from now on.

Certainly you can blame Lucky for not ensuring the physical security of those devices. But what about the back-end programmers for the grocery chain? How about the embedded developers of the card reader’s firmware? Or how about any number of applications that were involved, from the credit-card clearinghouse to the bank? Could programmers be in any way responsible? Could they have done something, anything, to prevent this incident?

The reality is, well, no. It’s unlikely, especially since the devices were physically tampered with. But even so, it’s impossible for programmers to anticipate every possible scenario, or to model every type of threat to a complex web of applications developed by many companies, and administered by many companies.

Just as no series of locks and alarms can truly prevent a home from being targeted and robbed by criminals—or burned down by arsonists—there’s an increasing awareness that there’s nothing that developers can do to protect today’s modern interconnected application 100%. But that doesn’t mean that we shouldn’t try.

Alan Zeichick is editorial director of SD Times. Read his blog at ztrek.blogspot.com.

Related Search Term(s): security

Share this link: http://sdt.bz/36202

Most Read Latest News Blog Resources

Virtualization: Not just for machines anymore
Network virtualization allows multi-tiered applications to behave as though they were in a physical network

Magic announces the release of its revolutionary mobile offering for the development of business applications, with new native clients for iOS and Android platforms
Magic announced today the availability of native iOS and Android clients for its mobile enterprise application platform

Achievements and learning: Gamification comes to businesses and schools
Startup takes page from gamers by offering achievement marks to get developers more engaged in their projects

Zeichick’s Take: The handheld and the tablet, circa 1976
Texas Instruments' and Hewlett-Packard's calculators were doing things decades ago we take for granted today

Virtualization: Not just for machines anymore
Network virtualization allows multi-tiered applications to behave as though they were in a physical network

Achievements and learning: Gamification comes to businesses and schools
Startup takes page from gamers by offering achievement marks to get developers more engaged in their projects

Google talks tools at AnDevCon III
New 3D debugging tool and recent ADK changes are detailed by Google developers at the third Android Developer Conference

SmartBear rolls out new quality solution: API Complete
Software gives organizations ability to write test scripts and monitor APIs by bridging the DevOps divide

Creation
To write better software, cultivate your ability to be creative.

Slick...but who needs it?
compilr.com is a well-designed site and the folks behind it seem to have their heart in the right place. But...who needs it?

How to be a better software developer
Want to be a better developer? You won't get there by mastering an interesting language or learning a new set of APIs.

Wooing Galatea
Do yourself a favor and check out Galatea 2.2, a wonderful book by novelist Richard Powers.

Five SCM Best Practices Two-thirds of all software projects fail, according to the Standish Group’s CHAOS study. Improper usage of software configuration management...

Best Practices for Branching and Merging Patterns

Development teams often create a branching pattern, usually drawn out on a white board or in a Visio document, that is used as a model to...

Automated Error Reporting We invite you to read a short e-zine that tells you all about automated error reporting for .NET applications. This 8-page e-zine is packed...

The End of Application Redeploys Imagine that every time you wanted to write, send or receive an email, you needed to restart your computer. How much time would this take, a...

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Cigital Develops Ready-to-Use Tools for Securing the Smart Grid Cigital Inc. announced the release of the Guide to Developing a Cyber Security and Risk Mitigation Plan.

Department of Homeland Security lays down security suggestions Common Weakness Enumeration version 2.0 highlights flaws in software development practices

Metadata Security for SharePoint Adds Security Permissions Titus Metadata Security for SharePoint allows permissions to be assigned based on the recipient's Active Directory properties

Add comment

Name*
Email*
Country

Comment

Cigital Develops Ready-to-Use Tools for Securing the Smart Grid
Cigital Inc. announced the release of the Guide to Developing a Cyber Security and Risk Mitigation Plan Read More...

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
MAY 2012 PDF ISSUE

Need Back Issues?
DOWNLOAD HERE

Want to subscribe?

Creation
To write better software, cultivate your ability to be creative.
05/19/2012 07:40 PM EST

Slick...but who needs it?
compilr.com is a well-designed site and the folks behind it seem to have their heart in the right place. But...who needs it?
05/16/2012 12:45 PM EST

How to be a better software developer
Want to be a better developer? You won't get there by mastering an interesting language or learning a new set of APIs.
05/14/2012 12:18 PM EST

Wooing Galatea
Do yourself a favor and check out Galatea 2.2, a wonderful book by novelist Richard Powers.
05/12/2012 07:05 PM EST

The world as story
An artificial-intelligence system at Carnegie Mellon seeks to understand the world by making statements about it.
05/10/2012 06:39 AM EST

The Rise of the Brogrammer, or the Rise of the Sexist Programmer?
Women in Silicon Valley get vocal about sexist ads and campaigns that contribute to a tense work environment.
05/09/2012 03:14 PM EST