Go ahead and blame Chase for breach, but also blame software vendors

If you are among the 76 million JPMorgan Chase customers or 7 million small businesses whose data was breached, you have a lot of people on whom to focus your anger. First and foremost is the security team at Chase. 

But not far behind are software companies, in general. So says Rajesh Goel, chief technology officer at Brainlink International, whose accusatory comments were reported by SCMagazine last week. 

Goel told the publication that many software and security vendors are “a HINDRANCE to security, not an asset” because they’re constantly pumping out buggy products. Banks, which are held to higher standards for protecting customer data, are falling victim to inferior products.

“The software industry does NOT have to comply with the same consumer protection laws as everyone else,” Goel told the magazine.

He urged governments to take notice and raise the stakes so that vendors raise their quality standards.

“Software vendors, however, keep shipping insecure, buggy hardware and software, with no real thought to security. Software should be held to the same standards as airplanes, cars, food and water. It IS that important to our well-being and society.”

Amen, our brother. Preach it.

As we’ve said on this blog repeatedly, software runs the world today. It is mostly responsible for making sure your family arrives safely on a plane trip. It monitors your personal security. It connects you to the world. 

Why aren’t more companies obsessed with quality? 

Software shares the blame for epic BP explosion, oil spill, court says 

Here’s another great example. Last month, a court ruled that the massive explosion of a BP oil rig and subsequent leak into the Gulf of Mexico had its roots in software failures.

According to news reports, an investigation found that crews failed to run a software program called a Cement Bond Log that would have spotted weaknesses in cement that was being pumped into the well. That was more of a human failing. 

However, earlier findings also blamed IT systems, specifically failed backup systems for an emergency oil control device. 

BP, of course, “strongly disagrees with the decision … by the United States District Court for the Eastern District of Louisiana and will immediately appeal.” 

Network outage at Rice. Let’s party. 

In a smaller-scale software failure recently, the very advanced students at Rice University were faced with a very Stone Age problem: No Wi-Fi access on campus. The horrors. 

Fortunately, the campus has a great, on-campus bar, where you don’t need Wi-Fi to have a good time. 

But for those who needed internet access to study, well, student Rachel Gray had this to say: “The Wi-Fi has been more unstable than my ex-boyfriend.” 

According to the campus newspaper, William Deigaard, director of Rice Networking, Telecom and Data Center (what a job title!), described the cause as a software failure.

“The three major SSID that we offered [were] all completely down, which is incredibly rare,” he told the paper. 

The crash notwithstanding, a lead student consultant on the school’s help desk says Wi-Fi issues related to bad drivers and bad certificates are common. 

“The drivers for Windows 8 and Windows 8.1 weren’t very good when they were released,” Galen Schmidt told the paper. “Some of the updates to Macs have caused certificate problems.”
