Security is fragmenting. It used to be that all a developer had to do was rely on a good password and an ACL (Access Control List) mechanism, game over. Rigggghtttt. Now security is in buffer overflows, exception handling and interface handoffs. It's everywhere. And it's all about hackers looking for the weakest links in the code.
Now what if that weakest link is the system software – the OS, desktop or server, the database, the app server, the ERP app? In short, just as applications have smeared over several servers, OSes, and apps in distributed systems – so have the security problems and incidents. And with the major software vendors being anywhere from petty, proprietary, and Machiavellian to benignly burrowing – one has to worry where in the heck the security problems are surfacing. Yep, a lot more of the pointy-pointy, four fingers back at you, blame game.
What is worse, organizations have ceded to the software vendors, through EULA, licensing agreements, and tantamount-to-closure, almost all legal advantage. But not so for the customers, clients, suppliers and stakeholders of those same organizations. The legal bite-back could become ferocious.