
Re: Web Security

by digiryde (Pilgrim)
on Jun 23, 2002 at 22:05 UTC (#176635)

in reply to Web Security

Several places I have worked for scoffed at security, or any other need not immediately visible to management. Many times I have written a requirements document for code based on the requirements document I was given that included performance and security elements that would have added between 2 and ten percent to the project and saved on the need for several servers (admin time and server cost) or would have closed up several security holes (priceless?) only to have the issues scratched from the immediate to-do list and added to the post-installation list. In most cases the performance items were driven back to us within a week of install (black eye) by which time we had those issues dealt with and were ready for more testing for a fast install.

We could have waited a week and installed without issue (smaller black eye), but our immediate management wanted to impress upper management by holding to their insane development time frames. We were almost never asked to do anything security related once the product was in.

The rule I have learned is if they cannot see it, they do not care. Typical clueless mindset. We don't need a fire system until we have a fire. Then it's too late.

Re: Re: Web Security
by rattusillegitimus (Friar) on Jun 24, 2002 at 14:26 UTC

    I've been in that awful position more than once, too. The worst of it for me was knowing that I personally didn't at the time understand enough about Perl and web security to write code I was tasked with in a reasonably safe manner, but not being given the time needed to research and learn or some assistance in finding and closing glaring security holes when I would loudly and clearly proclaim my own ignorance in the area to the bosses.

    We were lucky. So far as I know, none of my security ignorance was exploited in the time between putting potentially dangerous code into production and getting one of my co-workers to sneak a break from his own insane time-frame to double check me.

    Now that Perl has become more avocation than vocation for me, I've taken the time to close many of those gaps in my knowledge. ;)

