The result is far from perfect, unfortunately. Certificate pinning won't work for all circumstances. Even when it does work, it hampers scalability as well as flexibility in our production environments -- any certificate change would potentially require pushing out a new version of the affected app, for example.
But it does indeed give us an effective bit of digital duct tape to hold our software together securely -- until a better solution can be developed.
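The flexibility problem described above, where a certificate change forces a new app release, is mostly a consequence of pinning the whole certificate. The added example below (my illustration, not code from the column or from any product it mentions) goes one step further than the text: it pins the SHA-256 hash of the certificate's SubjectPublicKeyInfo (SPKI) and keeps a backup pin for a second key, so a routine certificate renewal with the same key, or a planned rotation to the pre-pinned backup key, passes the check without touching the app. The certificate is a constructed, unsigned, toy X.509 structure built with a tiny DER encoder (only the layout matters for extracting the SPKI); the key bytes are constructed placeholders, while the algorithm OIDs are the real ones. Nothing here validates signatures or chains; that is still the TLS stack's job and pinning is an extra check on top of it.

```python
import hashlib
import hmac

# Minimal DER helpers (added example code; not the column's or any library's API).
SEQ, INT, OID, BITSTR, UTCTIME, CTX0 = 0x30, 0x02, 0x06, 0x03, 0x17, 0xA0


def der_len(n: int) -> bytes:
    """Encode a DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag: int, payload: bytes) -> bytes:
    """Wrap payload in a DER TLV with the given tag."""
    return bytes([tag]) + der_len(len(payload)) + payload


def der_children(body: bytes):
    """Split a DER SEQUENCE body into (tag, raw_tlv, inner) tuples, in order."""
    out, i = [], 0
    while i < len(body):
        tag, first = body[i], body[i + 1]
        if first < 0x80:
            length, hdr = first, 2
        else:
            nbytes = first & 0x7F
            length = int.from_bytes(body[i + 2:i + 2 + nbytes], "big")
            hdr = 2 + nbytes
        end = i + hdr + length
        out.append((tag, body[i:end], body[i + hdr:end]))
        i = end
    return out


# Real OIDs: rsaEncryption and sha256WithRSAEncryption.
RSA_ENC = der(SEQ, der(OID, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01"))
SHA256_RSA = der(SEQ, der(OID, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))


def make_spki(key_bytes: bytes) -> bytes:
    """SubjectPublicKeyInfo ::= SEQUENCE { algorithm, subjectPublicKey BIT STRING }.
    key_bytes is a constructed placeholder, not a real RSA key."""
    return der(SEQ, RSA_ENC + der(BITSTR, b"\x00" + key_bytes))


def fake_cert(spki: bytes, serial: int) -> bytes:
    """CONSTRUCTED toy X.509 DER certificate carrying the given SPKI (unsigned;
    only the field layout matters here). serial must be < 128 to stay a one-byte
    positive INTEGER."""
    empty_name = der(SEQ, b"")
    validity = der(SEQ, der(UTCTIME, b"240101000000Z") + der(UTCTIME, b"250101000000Z"))
    tbs = der(SEQ,
              der(CTX0, der(INT, b"\x02"))          # [0] version v3
              + der(INT, serial.to_bytes(1, "big"))  # serialNumber
              + SHA256_RSA + empty_name + validity + empty_name
              + spki)
    return der(SEQ, tbs + SHA256_RSA + der(BITSTR, b"\x00" + b"\x00" * 32))


def extract_spki(cert_der: bytes) -> bytes:
    """Walk Certificate -> tbsCertificate -> subjectPublicKeyInfo and return its raw TLV."""
    _, _, cert_body = der_children(cert_der)[0]
    _, _, tbs_body = der_children(cert_body)[0]
    fields = der_children(tbs_body)
    idx = 6 if fields[0][0] == CTX0 else 5  # version is OPTIONAL; shift if absent
    return fields[idx][1]


def spki_pin(spki: bytes) -> bytes:
    """The pin is the SHA-256 of the DER-encoded SPKI, not of the whole certificate."""
    return hashlib.sha256(spki).digest()


def pin_matches(cert_der: bytes, pins) -> bool:
    """True if the presented certificate's key matches any configured pin."""
    actual = spki_pin(extract_spki(cert_der))
    return any(hmac.compare_digest(actual, p) for p in pins)


def rotation_demo() -> dict:
    """Show which certificate changes survive SPKI pinning with a backup pin."""
    spki_a = make_spki(b"A" * 64)   # current key (constructed)
    spki_b = make_spki(b"B" * 64)   # backup key, pinned in advance (constructed)
    spki_c = make_spki(b"C" * 64)   # unrelated key, e.g. a mis-issued cert (constructed)
    pins = {spki_pin(spki_a), spki_pin(spki_b)}
    return {
        "current":        pin_matches(fake_cert(spki_a, 1), pins),  # True
        "renewed_same_key": pin_matches(fake_cert(spki_a, 2), pins),  # True: new cert, same key
        "rotated_to_backup": pin_matches(fake_cert(spki_b, 3), pins),  # True: planned rotation
        "unknown_key":    pin_matches(fake_cert(spki_c, 4), pins),  # False
    }


if __name__ == "__main__":
    for name, ok in rotation_demo().items():
        print(f"{name:18s} {'accepted' if ok else 'REJECTED'}")
```

The design point is that the pin set, not the app binary, is what changes on a key rotation: as long as the next key is pinned before it goes live, the app keeps working across renewals, which removes most (though not all) of the operational rigidity the column describes.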
With more than 20 years in the information security field, Kenneth van Wyk has worked at Carnegie Mellon University's CERT/CC, the U.S. Department of Defense, Para-Protect and others. He has published two books on information security and is working on a third. He is the president and principal consultant at KRvW Associates LLC in Alexandria, Va.