A Complementary Approach to Reducing Vulnerabilities
Author
Abstract
John Diamant, Hewlett-Packard

Broadly speaking, the IT industry hasn’t remembered the quality improvement revolution or applied it to IT security quality. This isn’t surprising, because specialized disciplines tend to advance primarily on their own, and the cross-disciplinary application of lessons learned is less common. To make the connection clear, I start with an abbreviated history of quality and W. Edwards Deming’s role in igniting the quality improvement revolution.

In the 1950s, global manufacturing quality was poor. Repeatability was poor, and defects were rampant. Deming had been developing statistical process controls and quality improvement methodologies and had been presenting this work. His ideas first gained traction with the Japanese manufacturing industry, which is why Japanese cars have been known for so long for superior quality and reliability. Of course, high quality and repeatability have benefits beyond improved reputation and market differentiation; they can also dramatically reduce costs and increase productivity. However, Deming’s quality message didn’t gain traction in the US and the rest of the world for another 30 years.

What we’re seeing in IT security is much the same problem Deming saw in manufacturing quality—high incidents of defects, few quality controls, expensive rework, and so on. Consider a simple back-of-the-envelope calculation—the US

Do nothing. Wait for vulnerabilities to be discovered after release, and then patch them.

Test security in. Implement code with vulnerabilities, and invest in finding or removing as many vulnerabilities as practical before release or production.
Similar resources
Role of Crisis Management in Reducing Socio-Psychological Vulnerabilities after Natural Disasters (Case study: Citizens of Bam City)
Natural disasters in various forms have been identified as destructive phenomena throughout the life of planet Earth and are also a serious threat to its inhabitants. Therefore, this issue has led to the formation of a process called crisis management, which includes activities occurring before, during and after the event to reduce vulnerability. The country of Iran is considered as...
The recognition of the necessity for community-based disaster risk management to reduce the risk of vulnerability to earthquake disaster (case study: YousefAbad neighborhood of Tehran)
Disaster management and current attitudes in this area only focus on this area's physical vulnerabilities, raising urban residents' exposure to these challenges in front of the earthquake. On the other hand, incidental actions include reducing the vulnerability and the physical strengthening and promotion of poor organization during the disaster; they ignored the capabilities an...
Algebraic Matching of Vulnerabilities in a Low-Level Code
This paper explores the algebraic matching approach for detection of vulnerabilities in binary codes. The algebraic programming system is used for implementing this method. It is anticipated that models of vulnerabilities and programs to be verified are presented as behavior algebra and action language specifications. The methods of algebraic matching are based on rewriting rules and techniques...
An Evaluation of Large-Scale Commercial Buildings Architectural Space Indicators with an Approach to Urban Threats and Risks
Abstract: Achieving to technical criteria that by applying them in architectural design stage of large commercial buildings, considered as one of the most important uses in urban planning, can increase the level of citizens’ security against all kinds of natural hazards and threats, and reduce vulnerability and it can provide continuation of the services and activities of these buildings. The p...
A Reflection on Resilience in Disasters; the application of Thomas A Spragens’ methodology
Reducing vulnerabilities and enhancing capacities of communities to cope with disasters could be regarded as a new model in the disaster management approach. It changes traditional passive disaster response into an active resilience-based action. This new understanding can be considered as a way of treatment to get out of the critical traditional relief assistance as well as its challenges and ...