Just around the corner, this week there is the Boston Startup Week (http://bosstartupweek.com/). Although I don't consider Vodia a startup, I could not resist to attend the "Boston's Cybersecurity Economy" session to hear what is going on in our neighborhood when it comes to cyber security. Not that I would expect VoIP to be a topic there; but generally to hear what is going on.
My personal take away from the session was that there are two fundamental problems in the cyber security space: (1) buggy software and (2) negligeant users. Those two factors have created an amazing, multi-billion dollar economy that literally try to contain the damage coming from those two factors with a whole lot of products and services around it.
We have always tried hard to make our software as smooth as possible to minimize the impact from (1). This actually includes software updates and maintenance plans, if you think about it.
However looking at the history of breaches and glitches in our environment, my feeling is that the biggest problem comes from (2), especially when those users choose passwords like "password" or "secret" and PIN codes like 1234. In many cases it is understandable, if you work lets say in a warehouse and have a cordless phone, why would you bother assigning a strong password to your account. At the end of the day, you are just a user and sometimes it is not your business really.
Needless to say that the PBX already generates passwords e.g. for the provisioning of phones that are completely random and which the user will usually never see, and which the user never wants to see.