http://www.perlmonks.org?node_id=157622


in reply to web site design, or lack thereof

I am not surprised because if the management is not security conscious, the web people aren't going to be.

In your stories case; the management did not understand or care about security to hire a designer that is concerned. Then again, he might have been the cheapest they could find! ;-)

Even though your claims about losses are right, to many executives they see a large expenditure for something that might happen.

Another school of thought and a phrase I have even heard "Put it now, we will fix it later" Why delay the roll out with the security design? We can always add it later! *Shudders*

Makes me believe the Peter Principle is fact! ;-)