Carnegie Mellon cybersecurity expert says patches won't work for attacked companies

February 09, 2000

PITTSBURGH -- The nation's "dot.com" businesses would be wise to reengineer, not just patch the computer protocols that were vulnerable to attack this week by hackers, says a leading computer security expert from Carnegie Mellon University.

Carnegie Mellon cybersecurity expert Roy Thetford says the solution for the "denial of service attacks" that sent enormous waves of data through various Worldwide Web sites must be comprehensive.

"Software vendors need to develop protocols implementing secure programming practices, including adequate exceptions handling and buffer overflow handling and enforce code validation and verification practices. Finally, websites need to constantly reevaluate host-based trust relationships and promote infrastructure diversity," Thetford says.

Thetford, who is certified by the international information systems security consortium ISC2, directs the CyberSecurity Center at the Carnegie Mellon Research Institute. The CyberSecurity Center delivers computer security solutions to business, government and industry.

Although there are a handful of commercially viable cybersecurity ventures, CyberSec is the only independent consulting group that is administered by a university. The relationship enables CyberSec not only to respond to client needs, but also to develop new information systems security tools through research and development activities.

In addition to helping companies under attack, Thetford's CyberSecurity Center is focusing on the development of intrusion detection systems, malicious code protection systems and Internet security tools. They are also exploring the development of tools for companies that want to engage in electronic, or ecommerce.
-end-
Thetford can be reached at 412-268-6820 or by email: thetford@andrew.cmu.edu More information about the center can be found at www.cmu.edu/cybersec

Carnegie Mellon University
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.