Nicole Perlroth
April 23, 2015
SAN FRANCISCO — The annual RSA security conference here is one of the largest gatherings of computer security professionals and companies in the world. It is also an opportunity for complaining and perhaps just a bit of navel gazing.
Where is the accountability? If 2013 was the “Year of the Breach” and 2014 was the “Year of the Mega-Breach,” 2015 may be the year that we run out of adjectives and start demanding real accountability from security vendors.
“The largest enterprises with the most sophisticated, ‘next-generation’ security tools were not able to stop miscreants from making off with millions of dollars, personal information, and sensitive secrets and damaging reputations,” Amit Yoran, the president of RSA, said in his keynote speech Tuesday.
In the cyber security industry, accountability has been in short supply, but there are hints of change. Several months ago, WhiteHat Security, the web security company, said it would start offering clients $250,000 in the event their website was breached using an attack technique the WhiteHat missed. Recently, Jeremiah Grossman, WhiteHat’s founder, said they had bumped up their guarantee to $500,000. This marked the first time a security company has done anything of the sort.
No comments:
Post a Comment