JoeWras
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
- Joined
- Sep 18, 2012
- Messages
- 11,727
Sometimes I think sengsational and I worked at the same MC. Although other posts hint that we didn't. His observation is so true it hurts. Security issues are just one of many that lead me to retire. It only got worse as we "sprinted" and our security "stories" got pushed down in priority to oblivion.Having seen, first hand, how IT and specifically IT security is treated in industry, it's no wonder these kind of things come up. They "sprint" to add features, and if there's a "security guy", he's just in the way. Every security enhancement has a cost in convince and complexity, and those investments are often priced higher than the leadership is willing to pay.
Yes. MC gave us a class one time to show how easy it was to do on our own products. Very enlightening, and a very good class. Good on MC for spending resources to show us just how easy it was, and how we need to work on the issue. Unfortunately, not everyone in the decision tree got that class.There has never been a breach that wasn't explained without the use of quantum computing. Usually it's a C language buffer overrun...those have been around 40 years.
Hackers today have whole toolkits at their disposal. They don't even need to do the machine level pushing into the buffer. There are whole development environments that allow them to normally code exploits, just as you would a feature, that automatically get inserted via various exploits such as buffer overruns.
Last edited: