Collaboration is way to fix a hole

Opinion

Collaboration is way to fix a hole

IT directors have come back after the Christmas break to the first big security scare of the year - a flaw affecting all versions of Windows - raising concerns about how IT departments can cope with so-called "zero day attacks".

The first exploit code was acknowledged by Microsoft on 29 December, yet the official patch has only been made available today. And there have been reports of rogue websites and virus-infected e-mail exploiting the flaw, which can infect a PC when a user opens a .wmf image.

What makes this exploit interesting is that a third-party developer, Ilfak Guilfanov, produced a workaround which was independently verified by security body the Sans Institute. This workaround proved so popular on its release that Guilfanov's website, Hexblog.com, was temporarily suspended after being inundated with download requests.

The dilemma users face is whether they should apply a third-party workaround or wait for the official patch. Installing a third-party fix works well in the open source community, but how can you be sure it will work, and what indemnities do you have if something goes wrong?

The risk may be too great for many, outweighing the protection the workaround could provide. But waiting for the official patch leaves firms vulnerable.

When an exploit is in the wild, what is needed is some way for software companies such as Microsoft to work more closely with third-party developers to fast-track the approval of workarounds, giving users protection while the full patch is being developed.

The skills you need

The reality or size of the skills gap seems to vary according to who you talk to. Many IT professionals, especially older ones, could be excused for asking, "Skills gap? What skills gap?" when they find it hard to find a job despite excellent skills and experience.

On the other side of fence, some employers who find it hard to attract or retain the IT staff they need may be tempted by the siren call of outsourcing. Others, however, see developing the skills of in-house staff as the only route to long-term efficiency.

On page 18 we examine how skills management frameworks can help to make future needs and the path to meeting those needs visible and manageable.

And, of course, building effective teams is not simply about training. Motivating and retaining skilled staff is as much about corporate culture as about training and pay, as Computer Weekly's Best Places to Work Awards, whose shortlist we will announce next week, make clear.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in January 2006

 

COMMENTS powered by Disqus  //  Commenting policy