Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security Alerts for the Rest of Us

I hate reading vulnerability bulletins. Talk about dense material. I sometimes find it difficult to follow explanations about systems I understand well, let alone those about systems I use but don't fully understand.

And I know I'm not alone. Network administrators who aren't immersed in security are just as disadvantaged.

Discuss Join other NWC readers in discussing this article.

The responsibility to issue easily understandable alerts lies with vendors. Not every product user is an expert, but all users need to be aware of security problems so they can take corrective action. This will be difficult, but not impossible. Last November, for instance, Microsoft began issuing separate alerts for technical and nontechnical people. This is a step in the right direction, and I can only hope other vendors follow suit. But you can't leave everything to the vendors.

Nearly all vendors and a few security researchers offer some sort of rating for new vulnerabilities. Although the ratings indicate how serious the author thinks the vulnerability is, you or someone in your organization will have to make that determination once the impact on your network is understood. This may sound obvious, but a threat to your DNS involving spoofing may seem low grade until you realize exactly how much trust we place in an untrustworthy system.