Collaboration Tools Free - But Vulnerable

by Deborah Hartmann Preuss on Jul 04, 2006 |

For the classic Extreme Programming team, developers and their customer all work daily in the same room. But other methodologies are less stringent, and even XP teams sometimes need to find compromises when organizations exist across multiple campuses, or continents. Enter collaborative technologies - where they are allowed.

Many organizations are nervous about user-installed software, and publish rules banning unapproved installation. Some actually block non-sanctioned installation, and perhaps justifiably: Bit9, Inc., whose technology solves the problem of unwanted software on the desktop has compiled a list of the top applications with known security vulnerabilities, including applications frequently downloaded by individuals (and thus perhaps not sanctioned by the enterprise) and not classified as malicious. Each has at least one critical vulnerability, and relies on the end user, not the corporate IT department, to manually patch or upgrade to fix bugs.

Collaborative software commonly used by Agile teams, either with their customers or with distant team members, do appear on the list:

Number

3.   Skype 1.4
7. AOL Instant Messenger 5.5
8.   Microsoft Windows/MSN Messenger 5.0
9.   Yahoo Instant Messenger 6.0
15. ICQ 2003a

View the full list on Bit9.com's site.

Hmmm. What's on your desktop?

Related Editorial

Agile workshops and training

Cloud Identity Buyer’s Guide: Managing Identity in the Cloud

Cloud Computing Demands Enterprise-Class Password Management and Security

Enterprises Need Hybrid SSO Solutions to Bridge Internal IT and SaaS

Identity in the Cloud: Use the Cloud without Compromising Enterprise Security

Related Sponsor

Agile Project Management That Adapts With You. Provide your global development team a shared space that adapts to the way they work.

Hello stranger!

You need to Register an InfoQ account or to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Community comments

... but most of them are already offering patches by Alex Popescu Posted

Re: ... but most of them are already offering patches by Deborah Hartmann Posted

Re: ... but most of them are already offering patches by Noah Campbell Posted

... but most of them are already offering patches by Alex Popescu

I find this very interesting: most of the software included in the list are already providing patches/fixes for the reported vulnerabilities. And afaik, most of them are having quite a good release schedule, so there are great chances these problems are fixed very quickly.

./alex
--
.w( the_mindstorm )p.

Re: ... but most of them are already offering patches by Deborah Hartmann

I guess the issue for enterprises is: installing such patches (or new versions) is up to the employee, not a systematic or highly reliable method for protection of corporate assets.

Re: ... but most of them are already offering patches by Noah Campbell

That's why most corporations block IM protocols at the network level. Secure IM is possible, but not from the IM's listed above. Jive Wildfire (jivesoftware.org) supports secure communication between client and server.

-Noah