So, we started with a report on “legacy” COBOL systems still being in use and a report suggesting this represented a security risk, since the writers of those systems have retired and are dying off. We wanted a quick sanity check and found ourselves pinned to a wall of naivete pretty quickly. One technology journalist we spoke to, for example, reckoned there might be a few machines out there running Windows XP but only a handful, and nothing older.
At the personal computing level this might be right. On a corporate level and looking at the systems on which many people depend for their daily functions, it couldn’t be more wrong. The study we were looking at, from SSRN, covered the American IRS system. It also covered 2015’s breach of the US Office of Personnel Management, both of which run on old COBOL systems.
Asking around, we found the same was true of British systems and banks internationally.
So if no-one’s able to update these things, is the security automatically compromised?
Full Article
