When will a buck-stops-here culture finally reach the software industry?
Not soon enough, if Lenovo’s Superfish software scandal is any indication.
From September to January, Lenovo shipped more than two dozen laptop models with Superfish software that inserted its own ads into Web search results. (It is widely estimated that this means millions of computers, though the company has not given a figure.) Worse, Superfish exposed the laptops and their Internet traffic, including encrypted connections, to attackers in a way security experts have described as egregious and easily exploitable.
Lenovo’s chief technology officer, Peter Hortensius, said the company was only trying to improve the user experience. “Our teams did not understand the significant security problem that [Superfish] presented,” Hortensius said Tuesday. “We’re desperate to understand why we missed that.” On Friday the company issued a statement pledging to reform its practices.
Superfish, too, pleaded ignorance. Founder and CEO Adi Pinhas blamed a small Israeli startup called Komodia, whose software is what allowed Superfish to decode Internet traffic and insert ads. Komodia did not respond to a request for comment, but in a 2009 blog post its CEO, Barak Weichselbaum, described working on a security program designed to hijack secure Internet traffic.
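Software that can decode and rewrite HTTPS traffic on the user's own machine, as described above, has to present the browser with certificates the browser will trust, which in practice means a locally installed root certificate whose private key sits on the same machine. A legitimate public root never ships its private key to endpoints, so a trusted root with a locally held private key is the tell-tale a practitioner would look for. The following is an added example, not code from the article or from Lenovo, Superfish or Komodia; it uses only the standard PowerShell `Cert:` provider and `X509Certificate2` properties and assumes a Windows host.

```powershell
# Added example (not from the article): flag trusted root CAs on this
# Windows machine that carry a private key. An HTTPS interception proxy
# must hold such a key locally to mint leaf certificates on the fly;
# public roots distributed by the OS vendor never do.

$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

$suspects = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.HasPrivateKey } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
            }
        }
}

if ($suspects) {
    Write-Warning 'Trusted root(s) with a locally held private key found:'
    $suspects | Format-Table -AutoSize
} else {
    Write-Output "No trusted root CA with a local private key in $($stores -join ', ')."
}
```

Run it from a normal session to read both stores. A hit is something to identify, not an automatic verdict: a corporate-managed laptop may legitimately carry an internal inspection root, but on a consumer machine a root with a local private key that the owner did not install is exactly the condition that lets a third party read and rewrite "secure" traffic.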
Lenovo’s Superfish debacle highlights a growing problem in the software world: as more software components are outsourced, consumers are placed at greater risk than ever before. Software used by billions of consumers and businesses almost always relies on components made by development companies far removed from the final product, each trusting the other to do its due diligence. Few do, however, and that puts you at risk, experts say.
Read the Full Article: Source – c|net