Who is responsible for security: Can we move past the finger-pointing?

A flurry of worm and viral activity on the Internet raises a question more important than who to blame: What do we do about it?

No matter which operating system is running on the device you're using to read this article, you're vulnerable to being hacked. Modern operating systems are too complex to be completely secure in every respect. Let that sink in—what you are doing right now is not 100 percent secure and never will be.

Microsoft Windows is the obvious poster-child for this fact, but its well-publicized vulnerabilities to assorted recent attacks from worms and viruses is not unique. Linux, UNIX, and Mac OS X all have security flaws to one degree or another. It is just a fact of life in the Information Age.

Who to blame
You can assail the evil empire and blame Microsoft for writing an operating system with so many holes in it. You can demand that Microsoft drop all new development and concentrate on security issues; but in the end, no matter what they do, no OS is ever totally secure. If an individual wants to get into your system, he or she will find a way.

You could blame all the corporations and individuals connected to the Internet who fail to understand or even take the time to try to understand, how vulnerable the Internet is to security flaws. But the day when everyone connected to this vast array of interconnected devices realizes that we, individually and collectively, are all responsible for security may never come. So the question is: What do we do about it?

Move beyond blame
Proponents of the various operating systems, Web servers, e-mail servers, and file servers that are connected to each other via the Internet spend valuable time placing blame by ranting in newsgroups and discussion boards, but ignore this one important question: What do we do about SoBig, MSBlaster, and the next yet-to-be-released virus? What can be done about the inherent lack of security in all manner of software?

These are questions that must be addressed. It is too late and too counterproductive to worry about who did what, or which is better. As members of the Internet community and experts in information technology, it is really up to you, the software developer, to find the solutions. It is up to you to develop more secure software and systems. So, again the question: What do we do about it? Or more specifically, what do you do about it?

Finding solutions
Builder has started a discussion thread asking the development community to offer its insight into the security issues that plague, not only the Internet, but all communication systems. We want to hear some real solutions; to move beyond finding blame to finding answers. Join the discussion thread and tell us what needs to be done to make our interconnected lives more secure.

About Mark Kaelin

Mark W. Kaelin has been writing and editing stories about the IT industry, gadgets, finance, accounting, and tech-life for more than 25 years. Most recently, he has been a regular contributor to,, and TechRepublic.

Editor's Picks

Free Newsletters, In your Inbox