Security Regulations

By Steve Jones, 2010/03/17

This story talking about the push for government regulations on security is a little scary at first glance. It seems many of the DBAs in this community are wary of government getting involved in regulating anything in IT, and not without good reasons. Regulations are often compromises, which are inherently flawed in achieving their aims, and usually end up causing more problems than they solve.

However, I'm not sure this is a bad idea. How often have we had issues reverberating through the Internet because of insecure computer systems? So many companies pay lip service to the idea of security, especially with their own corporate systems. And home users are even worse, many times not even realizing that they are behind on patches.

However, the patches we get are not always of the highest quality. How many times has Microsoft, Oracle, or some other vendor released a patch that causes more problems than it solves? Or breaks your critical systems? While I don't believe it's true anymore, there was a good reason not to upgrade your Microsoft software until SP1 in the past.

I think there is some compromise here. It can't be, and shouldn't necessarily be, the legal system, but I think a combination of private groups, places like Secunia or The SANS Institute, could provide some basic level of "patchiness" that all machines on the Internet would need to meet. ISPs could help verify this and we could even fine violators and use that money to fund research or testing of software. ISPs could even potentially cut off companies or individuals that hadn't applied their patches. There could even be penalties for vendors releasing patches that were not well tested and caused issues.

It would still give the individual choice in terms of which patches they applied and when, but they wouldn't be able to defer forever. However, it could, and potentially would, increase the overall security for all citizens on the information superhighway.

Steve Jones


The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
