BT

New Early adopter or innovator? InfoQ has been working on some new features for you. Learn more

Collaboration Tools Free - But Vulnerable

| by Deborah Hartmann Preuss on Jul 04, 2006. Estimated reading time: 1 minute |
For the classic Extreme Programming team, developers and their customer all work daily in the same room. But other methodologies are less stringent, and even XP teams sometimes need to find compromises when organizations exist across multiple campuses, or continents. Enter collaborative technologies - where they are allowed.

Many organizations are nervous about user-installed software, and publish rules banning unapproved installation. Some actually block non-sanctioned installation, and perhaps justifiably: Bit9, Inc., whose technology solves the problem of unwanted software on the desktop has compiled a list of the top applications with known security vulnerabilities, including applications frequently downloaded by individuals (and thus perhaps not sanctioned by the enterprise) and not classified as malicious. Each has at least one critical vulnerability, and relies on the end user, not the corporate IT department, to manually patch or upgrade to fix bugs.

Collaborative software commonly used by Agile teams, either with their customers or with distant team members, do appear on the list:

Number
3.   Skype 1.4
7.   AOL Instant Messenger 5.5
8.   Microsoft Windows/MSN Messenger 5.0
9.   Yahoo Instant Messenger 6.0
15. ICQ 2003a

View the full list on Bit9.com's site. 

Hmmm.  What's on your desktop?

Rate this Article

Adoption Stage
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

... but most of them are already offering patches by Alex Popescu

I find this very interesting: most of the software included in the list are already providing patches/fixes for the reported vulnerabilities. And afaik, most of them are having quite a good release schedule, so there are great chances these problems are fixed very quickly.

./alex
--
.w( the_mindstorm )p.

Re: ... but most of them are already offering patches by Deborah Hartmann

I guess the issue for enterprises is: installing such patches (or new versions) is up to the employee, not a systematic or highly reliable method for protection of corporate assets.

Re: ... but most of them are already offering patches by Noah Campbell

That's why most corporations block IM protocols at the network level. Secure IM is possible, but not from the IM's listed above. Jive Wildfire (jivesoftware.org) supports secure communication between client and server.

-Noah

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

3 Discuss

Login to InfoQ to interact with what matters most to you.


Recover your password...

Follow

Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.

Like

More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.

Notifications

Stay up-to-date

Set up your notifications and dont miss out on content that matters to you

BT