Re: •Web Security

in reply to Web Security

The old saying, 'a little knowledge is a dangerous thing', certainly applies here. I blame $VERY_LARGE_COMPANY for their lack of foresight and their desire to use cutbacks to 'earn' them some more filty lucre.

Comment on Re: •Web Security

Replies are listed 'Best First'.
Re: Re: Web Security by cjf (Parson) on Jun 22, 2002 at 23:36 UTC
While I agree that the company should receive a large share of the blame, we should examine why they place so little value on increased security. Security is a tradeoff, it costs money. In this case the improved security would obviously have been worth the extra developer time required to fix the vulnerability. Many other cases aren't quite so clear and the limited incentives for companies to improve the security of their products are readily apparent. More on this is available at OT: Software & Liability.	[reply]

Replies are listed 'Best First'.

Re: Re: Web Security
by cjf (Parson) on Jun 22, 2002 at 23:36 UTC

While I agree that the company should receive a large share of the blame, we should examine why they place so little value on increased security.

Security is a tradeoff, it costs money. In this case the improved security would obviously have been worth the extra developer time required to fix the vulnerability. Many other cases aren't quite so clear and the limited incentives for companies to improve the security of their products are readily apparent. More on this is available at OT: Software & Liability.

[reply]

In Section Meditations