ITXPO - Security in CEO spotlight

ORLANDO (10/24/2003) - Three of the IT industry's top CEOs have claimed that security is a manageable challenge, despite lingering problems, including the obstacles posed by Web services.

In talks at the Gartner Symposium/ITxpo conference in Orlando this week, Microsoft Corp. CEO Steve Ballmer, Intel Corp. CEO Craig Barrett, and Hewlett-Packard Co. CEO Carly Fiorina addressed what they claim is now the industry's top priority.

"It's still not good enough, but we have made dramatic strides. I know we need to do better," Ballmer said.

Ballmer pointed to the improvements Microsoft has made between Windows 2000 and Windows 2003 as an example.

In the first 150 days after Windows 2000 was released, Ballmer said that CERN, the European organization for nuclear research, found 17 critical vulnerabilities. In the first 150 days of Windows 2003, 4 critical vulnerabilities were discovered.

Ballmer told Gartner analyst Tom Bittman that he hoped Microsoft will not face the security problems a year from now.

Barrett was less aggressive. "In five years' time it will be better," Barrett said. "Security is a manageable issue."

HP's Fiorina said security must span the enterprise in order to be successful. "Security requires innovation across all parts of the value chain," she said.

But Ray Wagner, a research director at Gartner, said industry moves to adopt Web services architectures will create security problems that have not yet been predicted.

"The problem is Web services opens up (non-security-sensitive) technologies we've been using for years, and there will be problems with that," Wagner said.

Wagner explained that no one has created a solid taxonomy of how malicious hackers will attack Web services. That will be created as Web services proliferate and hackers attack.