
Submission + - Application security is non-existent and my boss doesn't care. What should I do?

An anonymous reader writes: I am a senior engineer and software architect at a Fortune 500 company and manage a brand (website + mobile apps) that is a household name for anyone with kids. This year we migrated to a new technology platform including server hosting and application framework. I was brought in towards the end of the migration and overall it's been a smooth transition from the users' perspective. However, it's a security nightmare for sysadmins (which is all outsourced) and a gloryhole for any hacker with minimal skills. We do weekly and oftentimes daily releases that contain and build upon the same security vulnerabilities. Frequently I do not have control over the code that is deployed, it's simply given to my team by the marketing department. I inform my direct manager and colleagues about security issues before they are deployed and the response is always, "we need to meet deadlines, we can fix security issues at a later point." I'm at a loss as to what I should do. Should I go over my manager's head and inform her boss? Approach legal and tell them about our many violations of COPPA? Should I refuse to deploy code until these issues are fixed? Should I look for a new job? What would you do in my situation?

Comment End of an era (Score 0) 59

We can continue to try and clean up the gutters all over the world and spend all of our resources looking at just the dirty spots and trying to make them clean. Or we can lift our eyes up and look into the skies and move forward in an evolutionary way. -- Buzz Aldrin

Comment Re:Tor compromised (Score 1) 620

The sealed complaint from the U.S. Attorney suggests that, "As of July 23, 2013, there were approximately 957,079 registered user accounts reflected on the server." This information comes from an image of the "Silk Road Web Server" made by the FBI on that date.

Interested to find out how they got the server image.

Comment Re:Education and Profitability (Score 1) 163

Temple University, Beasley School of Law, concentration in IP and Technology Law. Ranked #56 in nation, not bad for less than 20k/yr for in-state tuition, for which I qualify.

You are too old to go to law school. You will be working for someone who is younger than you... Focus on doing your job; it's what you have.

I'm very glad I've never listened to people like you, you sound old and bitter.

Comment Education and Profitability (Score 2) 163

I have two masters degrees (quant/stats and MBA), work in software development for 10+ years, and have been debating either getting a masters degree in CS or a law degree in IP in the next year or two. When I read this article, right this very instant, I realized it would be more profitable in the long run to get a law degree than to get a CS degree.
