SANS Internet Storm Center: InfoSec Poll Results



Poll Results

0 % => Vendors
18.2 % => Programmers
0 % => Schools/Universities (for not teaching better programming and such)
0 % => Software Architects
0 % => Nobody
0 % => I am responsible!
0 % => Government
0 % => Users
0 % => Other (please comment)
Total Answers: 2246

Selected Comments

  • criminal hackers....
  • I blame EULAs. If software faced the same product liability laws as, say, household appliances, then the situation would be much different -- for the better.
  • damn hackers
  • any person with a computer
  • all choices except "Nobody"
  • TCP/IP architects (Vint Cerf, etc)
  • I've been plotting this since 1966.
  • companies that save on IT know how
  • Creative bad guys
  • Absentee ISPs
  • Clueless lusers who continue to buy ill-conceived, insecure, but shiny software from slipshod companies who know that someone else (e.g., the ISC, S.P.U.T.U.M., etc.) will clean up their messes for free.
  • I did it. My bad.
  • don't believe you can place blame, it is an evolution of technology and exploitation, Good vs Evil
  • leadership in the public and private sector who won't / can't understand what is needed to secure the networks for which they are responsible.
  • How about the black hats? We would not have a "sorry state" if not for them.
  • ISP
  • Advertisements that suggest that you can use a computer on the net without knowing anything about them
  • because they encouraged such an unsecure system in the first place. They should have promoted a secure system.
  • company managers' deadlines.
  • If users demanded security like they demanded features and low price, they would have security just as they have features and low price.
  • lack of general understanding of how to regulate but still cultivate opportunity
  • Business and Government are both responsible, government because they didn't regulate ISVs for security issues and business because good security used to cost too much to develop
  • greedy corporations and LeVar Burton
  • Crackers
  • Internet designers/software vendors
  • dishonest, unethical vermin
  • currently we are all to blame, programmers, hardware vendors, and those that exploit the poor designs, higher standards through quality
  • Dancing pigs trump security every time
  • ISPs are responsible for allowing connectivity to clueless people for years WITHOUT basic firewalls
  • E. All of the above! Like most problems it is not just one single point of failure but a multitude of points of failure. Everyone has the responsibility to do their part to maintain security.
  • All
  • collective responsibility, we are all in it
  • If you want to make a change, take a look at the man in the mirror.
  • In Soviet Russia, security forks you!
  • Lazy hackers. Had they started earlier everything would be better now!
  • everyone
  • ISPs who allow their users to be spam/virus launch platforms because they are too impotent to control Port 25 responsibly
  • How is it sorry?
  • "People" in general--if the bad guys didn't get off causing problems and getting into other people's systems, there wouldn't be a problem. The vendors/authors aren't the root cause, they're simply the vehicle for the Black Hats
  • It's just not fully evolved yet, that's all.
  • It is a combination of careless users (sometimes unwilling to educate themselves) and programmers that expect too much of their average users. Of course those who exploit this situation are not free of guilt either...
  • "Internet" security woes fall squarely on the users and any entity that has established a system to communicate via the "internet" as the threats and risks of such a medium are known. Who is responsible for the security of the community? The community a
  • All of us. We let it happen.
  • Linus Torvalds and his Merry Band of Twelve Year Olds (Who find flaws in Windows.) - Have I covered all bases?
  • administrators - they are the ones that care for the vulnerable systems after all.
  • Lack of focus on application security at all levels. Executives' lack of understanding, software developers not designing for security and everyone who doesn't understand enough to see the concern.
  • I reject the premise of the question.
  • ACLU and other groups who are more concerned with protecting rights than majority safety. Internet could have been secured years ago.
  • and those doing the attacking