Declan McCullogh has a number of interesting references in his current Politech note. Excerpts are shown below. The concern for improved security and resilience is commendable, the immediate focus on vendors cramming down patches on users is, erm, debatable. http://www.politechbot.com/p-02875.html -------- As part of its efforts to beef up homeland security, the federal government will set up a national center for infrastructure simulation and analysis in January, said Richard Clarke, chairman of President Bush (news - web sites)'s Critical Infrastructure Protection Board. ``The center will create, if you will, an acupuncture map of the country, so that if there is a fire in a railroad tunnel in Baltimore, we know the Internet slows down in Chicago,'' Clarke told a gathering of high-tech executives at the Business Software Alliance's first Global Tech Summit .. Clarke also appealed to the private sector, which controls the vast majority of the Internet's infrastructure, to beef up its security practices as well. ``We need to decide that IT security functionality will be built into what we do. It's not an afterthought anymore,'' he said. Software products should be shipped with security settings at their highest level, he said, and high-speed Internet providers should require individual users to install ''firewalls'' to protect against damaging viruses. Software companies should not just make ``patches'' available to fix vulnerabilities in their products, but automatically update users' software for them, he said. ``It's not beyond the wit of this industry to figure out a way of forcing down these patches,'' he said. http://dailynews.yahoo.com/h/nm/20011204/wr/tech_security_dc_1.html