Ask Slashdot: Application Security Non-existent, Boss Doesn't Care. What To Do?

Ask Slashdot: Application Security Non-existent, Boss Doesn't Care. What To Do? 310

Posted by Soulskill on Wednesday December 04, 2013 @05:06PM from the red-alert dept.

An anonymous reader writes "I am a senior engineer and software architect at a fortune 500 company and manage a brand (website + mobile apps) that is a household name for anyone with kids. This year we migrated to a new technology platform including server hosting and application framework. I was brought in towards the end of the migration and overall it's been a smooth transition from the users' perspective. However it's a security nightmare for sysadmins (which is all outsourced) and a ripe target for any hacker with minimal skills. We do weekly and oftentimes daily releases that contain and build upon the same security vulnerabilities. Frequently I do not have control over the code that is deployed; it's simply given to my team by the marketing department. I inform my direct manager and colleagues about security issues before they are deployed and the response is always, 'we need to meet deadlines, we can fix security issues at a later point.' I'm at a loss at what I should do. Should I go over my manager's head and inform her boss? Approach legal and tell them about our many violations of COPPA? Should I refuse to deploy code until these issues are fixed? Should I look for a new job? What would you do in my situation?"

Ask Slashdot: Application Security Non-existent, Boss Doesn't Care. What To Do?

This discussion has been archived. No new comments can be posted.

Search 310 Comments Log In/Create an Account

Comments Filter:

Go on .. tell us who (Score:5, Funny)

by OzPeter ( 195038 ) writes: on Wednesday December 04, 2013 @05:12PM (#45600709)

And I guarantee that all your problems will be solved very quickly by the dedicate volunteers who visit this site.
But you may need to brush up your resume first.

Call Elbonia (Score:5, Funny)

by Chemisor ( 97276 ) writes: on Wednesday December 04, 2013 @05:13PM (#45600731)

There are some newly unemployed hackers in Elbonia, made deaf and blind by viewing Wally's browsing history. Be a good sport and hire a few of them to break into your website. They are cheap and, being deaf and blind, would not be able to actually see anything useful for identity theft, but will sure be able to get your boss to see the light.

Outsourcing (Score:4, Funny)

by K. S. Kyosuke ( 729550 ) writes: on Wednesday December 04, 2013 @05:21PM (#45600907)

However it's a security nightmare for sysadmins (which is all outsourced)
So it is the security nightmare that is outsourced? Finally someone got outsourcing right.

Re:It won't be a problem until it's a problem... (Score:1, Funny)

by Anonymous Coward writes: on Wednesday December 04, 2013 @05:53PM (#45601511)

irebokable severance

Severance that can't be...given Reebok shoes?

I'd leave Microsoft (Score:5, Funny)

by TheGoodNamesWereGone ( 1844118 ) writes: on Wednesday December 04, 2013 @09:41PM (#45603953)

I'd leave Microsoft and get another job

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Ask Slashdot: Application Security Non-existent, Boss Doesn't Care. What To Do? 310

Ask Slashdot: Application Security Non-existent, Boss Doesn't Care. What To Do? More Login

Ask Slashdot: Application Security Non-existent, Boss Doesn't Care. What To Do?

Go on .. tell us who (Score:5, Funny)

Call Elbonia (Score:5, Funny)

Outsourcing (Score:4, Funny)

Re:It won't be a problem until it's a problem... (Score:1, Funny)

I'd leave Microsoft (Score:5, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot