For the last Tuesday in April, we have a few privacy and security bits and bytes to start your week.
Trending Now – 5 Things Every Company’s Data Security Program Should Include
JD Supra Perspectives has published a short article (disclosure: quoting this author) that can get people talking this week. Get it here and circulate it. The 5 things could jump start your own data security program.
Tech Heavy Hitters Fund Open-Source Project
By now, you likely are aware that the Heartbleed bug originated in a coding error in OpenSSL – an open-sourced Secure Socket Layer program. Open source is good code in most respects, having been contributed to and tested by hundreds of experienced users. But therein lies the problem as well. There is no real QA. Code is contributed and usually uploaded on the fly and bugs are reported by the user community with fixes also contributed. The Washington Post reported that a group called the Core Infrastructure Initiative will pull together companies including Amazon, Cisco, Facebook, Google, IBM, Microsoft, Intel and others. Each company has agreed to pledge $100,000 per year over the next three years to fund this initiative to help prevent pervasive security vulnerabilities in the future.
In the interim: make sure you know what open source code your developers are using and how that code can affect your end users and customers.
Read more here – The Washington Post (registration may be required)