By: Emmanuel Carabott

Emmanuel Carabott — Wed, 18 Aug 2010 10:42:26 +0000

I understand what you mean Andy and you’re right. However if one just uses a product without testing it first he’ll be incurring risks regardless. However this is not about blaming the users or anyone else. Testing software you buy is not a natural thing to do and I wouldn’t expect the majority of people to think of it. The idea here is to raise awareness that just because one buys a piece of software it doesn’t automatically make him safe.

Testing is not the only option either; if the software just bought is considered a potential security risk and deployed in such a way that the environment is protected in the event that it is compromised, that will also work.

However if one neglects to take any precautions and just uses the software, he will be taking risks and if that software get compromised he will be the one exposed.

I also agree that it’s human nature and most people will not think about this aspect at all, they will buy software and then deploy it as quickly as possible. That’s the reason for this article after all. Hopefully people will spare a thought on this subject after reading this and not take 3rd party software for granted.

By: Andy R

Andy R — Thu, 12 Aug 2010 06:45:36 +0000

It’s hard to put the blame on the user’s end of course. Just as how you never normally test drive a car for safety features, you don’t spend good money on a product to test its security problems. I know the analogy doesn’t apply to all aspects of the two products, but it’s only natural consumer mentality to want to use a product for what it’s meant for, and not to run it through personal QA for another couple of months after you’ve bought it.

Comments on: Securing your environment from the threats you actually paid for

By: Emmanuel Carabott

By: Andy R