Security: In his fourth installment of the series on building a next-generation secure Internet Roger Grimes points out that “applications are hard to secure.” Sounds a wee dram obvious, indeed, but that is precisely the point. “In a secure ecosystem, all software components in the OS or any application would not only be signed and authenticated, but would seek approval before executing or being loaded into memory,” he writes in Secure applications in a secure ecosystem, the next challenge. Granted, that’s not at all an easy task, but “once you have that solved, a whole lot of the other pieces fall into place more easily.” Advice Line: A re-emergence of the phrase “don’t ask, don’t tell,” occurs in Bob Lewis’ latest entry. Only this time it’s about what to do when employees tell you they’re using external e-mail systems to evade legal requirements on the official system. “Tell your users that you didn’t hear them, and could they please not repeat it,” Lewis offers. “This is one of those situations where everyone is better off pretending.”The news beat: Security vendor Immunity’s CEO says that the average zero-day bug has a 348-day lifespan, and that huge amounts of money are being offered for zero-day discoveries. Borland and VMware team up on testing virtualization with both offering product upgrades that can function with each other. And Microsoft takes a big step to near-shoring in Canada by opening a software development centre in the Vancouver area. Security