John Pescatore, director of the SANS Institute, a research and education organization, has seen security threats come and go across his 30-year career in the IT security market, which includes time spent as a Gartner analyst. The simple reality of cyber-security in 2013 is that software continues to have lots of vulnerabilities, and people continue to have lots of vulnerabilities, Pescatore told eWEEK.
“Each year, we try and change some behavior on the user side, and each year attacks are becoming much more targeted and clever,” Pescatore said.
Another sad truth about the state of IT security in 2013 is that many of the same classes of flaws that existed in 2003 are still popular and are regularly exploited. The root cause of that might well have to do with flaws in how software is developed.
“Software engineering is an oxymoron,” Pescatore said. “Software development is not an engineering discipline.”