vote
 |
|
This week, I sat down with Dave Shackleford, Vice President of the Center For Internet Security, a non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls. Dave is also a SANS instructor and courseware author, well-known in his field, so it was a pleasure to get to talk to Dave about CISecurity.org.
As most people know by now, the majority of malware takes advantage of one of two things - human error and poorly configured systems. This is not to say that the actual exploitation doesn't require a real flaw of some sort - a buffer overflow is still a buffer overflow. However, if you prevent access to the service with the problem in the first place, or lock down the permissions so that the exploit can't really do any damage, then you're striking at the root of the problem anyway.
| | |
| |
|
|
