WASHINGTON (Reuters) - A top U.S. cyber security expert blasted software developers on Thursday for marketing flawed products that he said boosted the Internet's vulnerability to high-tech hacker attacks.
``There is little evidence of improvement in the security features of most products,'' said Rich Pethia, director of a federally funded computer emergency response operation at Carnegie Mellon University in Pittsburgh. ``Developers are not devoting sufficient effort to apply lessons learned about the sources of vulnerabilities.''
Pethia made his comments to a congressional panel looking into the so-called denial-of-service attacks that disrupted access to popular Web sites last month for a few hours at a time.
He said his organization, which responded to more than 8,000 computer security incidents last year, up from 132 in its first full year of operation 10 years earlier, had found the same types of security defects in newer versions of products as in earlier ones.
``Technology evolves so rapidly that vendors concentrate on time to market, often minimizing that time by placing a low priority on security features,'' he said in a statement to a subcommittee of the House of Representatives Committee on Government Reform.
The alleged lack of urgency in plugging such cracks is unlikely to change until customers demand that products that are more secure, Pethia said.
Pethia did not criticize any companies by name in his prepared statement to the panel.