The state of information security is pretty poor, and large organizations have neither the time nor the money to continue to add security safeguards onto their networks to protect them against the latest threat du jour.
I believe we are at a tipping point when CIOs push back on their vendors with a new "enough is enough" acquisition policy. In 2009, expect large organizations to establish a new acquisition policy mandating that their vendors either deliver secure products or lose their business.
What do I mean here? CIOs will demand that IT vendors provide:
1. Secure product design, … Read more