It is impossible to ignore the highly significant recent news about hacking: not only the private corporate sector, but also many state institutions, and even large financial structures that are rarely mentioned in this context, came under attack.

 

That is, despite Microsoft's emergency release of critical updates for Exchange, as well as the scheduled release of a set of updates and patches containing 89 fixes for critical aspects of the software environment in the corporation's products, the question of the quality of response to known security problems remains unresolved.

 

The global scale of the latest attacks, which became possible after serious, planned work by the attackers, has set a serious precedent. Once the final investigation is complete, its conclusions will definitely change the paradigm for how responsibility for software security is distributed.

 

 

According to preliminary conclusions, the very concept of the final product is clearly undergoing quite serious changes: judging by the spirit and meaning of large companies' standard license agreements, these companies try to distance themselves as far as possible from potential security incidents.

 

Of course, when recommended updates are applied on time, the threats are minimal, but they are still there. Companies specializing in security (producing antivirus software and other products with advanced comprehensive protection, up to full integration into the environment) are therefore coming to the fore, offering solutions for monitoring companies' information environments.

 

In any case, a dangerous precedent has been created, as in the case of the emergency patches for Exchange Server, where a vulnerability was exploited for several months in a row. In addition, at least a partial leak of Microsoft source code was confirmed, and these materials may presumably have made it possible to automate the hacking of many corporate networks.

There will definitely be companies that want to reconsider their relationships with the makers of such software because of the currently inadequate security policy and the timing of patch releases.

 

The most advanced companies are likely to want to rework existing license agreements on an individual basis, and may also want to move from an agreement (an offer agreement) to the terms of a real contract, sealed, for example, with the digital signatures of the companies or users, thus showing a completely different level of mutual responsibility. Users and companies, in addition to paying for, say, an operating system, can provide telemetry data and other information, which in fact also has a definite and quite high price. The manufacturer, in turn, guarantees to keep its security systems up to date and compliant with the security standard, while, for example, offering security testing to everyone with a clear reward system, since it cannot cope with such a task on its own…
