Comments on: The problem with VoIP Security http://www.ejovi.net/2005/09/25/the-problem-with-voip-security/ Thu, 16 Oct 2008 06:42:37 +0000 http://wordpress.org/?v=2.6 By: ejovi nuwere http://www.ejovi.net/2005/09/25/the-problem-with-voip-security/#comment-539 ejovi nuwere Mon, 26 Sep 2005 14:39:08 +0000 http://www.ejovi.net/2005/09/25/the-problem-with-voip-security/#comment-539 I agree. Most vendors are, and need to be focusing on "making it work." That's why I cut vendors a lot of slack. But we should be atleast talking about this issue now so we don't go through the whole cycle again of rushing to fix it at the very last minute. I agree. Most vendors are, and need to be focusing on “making it work.” That’s why I cut vendors a lot of slack. But we should be atleast talking about this issue now so we don’t go through the whole cycle again of rushing to fix it at the very last minute.

]]> By: stijn http://www.ejovi.net/2005/09/25/the-problem-with-voip-security/#comment-538 stijn Mon, 26 Sep 2005 13:25:44 +0000 http://www.ejovi.net/2005/09/25/the-problem-with-voip-security/#comment-538 I agree with your pro-active approach by setting bad code on number one. But don't forget that code is written by humans and they make mistakes. Always. Take buffer overflows, we have been knowing them for years and still every day those vulnerabilities pop up. It will take a generation and education changes to produce coders with a security mindset. At the end of the day, it's the responsibility of you and me, security pros to provide the confidentiality of VoIP. Not coders they deliver complex functionality. For now, the companies spend more time in Return On Investment and functionality requirements... If a VoIP connection can not match up with normal PSTN, it just won't be deployed. I agree with your pro-active approach by setting bad code on number one. But don’t forget that code is written by humans and they make mistakes. Always.

Take buffer overflows, we have been knowing them for years and still every day those vulnerabilities pop up.

It will take a generation and education changes to produce coders with a security mindset. At the end of the day, it’s the responsibility of you and me, security pros to provide the confidentiality of VoIP.
Not coders they deliver complex functionality.

For now, the companies spend more time in Return On Investment and functionality requirements…

If a VoIP connection can not match up with normal PSTN, it just won’t be deployed.

]]>