[ale] a quick test of web site stupid
Leam Hall
leamhall at gmail.com
Mon Mar 4 14:09:22 EST 2013
On 03/04/2013 12:56 PM, Jim Kinney wrote:
> Given the importance of reliable software in a growing number of areas,
> I see a need to have professional licenses for programmers that touch
> finance, health care, public safety, etc. We don't let just anyone
> design a bridge and that's for good reasons. We need to rethink this
> field from a public health and safety perspective.
>
> I can also see a need for mandatory professional certifications for
> System Administrators in those same areas.
>
> ditto for DBA work.
>
While I personally agree with this, very few companies would choose to
pay the extra for well-coded, secure apps or systems. The entire
concept of offshoring financial computing gives me the willies.

So how do you push back as a user? Can we find out which companies
actually care about security enough to staff it with reasonably bright
people? That is, not just someone who can pass a CISSP test but actually
has some clue of how a computer works. Checklists are good, but they
have limits.

The flip is understanding that if you're not paying for a service,
you're the product. Dice.com doesn't even use https for password
changes. Facebook security? Why? They're mining you and your contacts
for all you're worth.

At this point in my life I've come to the understanding that anything I
have ever done can be known about, and any transaction I make on the net
can be public. Thus I really monitor what I write and avoid on-line
transactions except for PayPal and Amazon. Those seem large enough to
take things seriously.

Leam