Ask Slashdot: Application Security Non-existent, Boss Doesn't Care. What To Do?
An anonymous reader writes "I am a senior engineer and software architect at a Fortune 500 company and manage a brand (website + mobile apps) that is a household name for anyone with kids. This year we migrated to a new technology platform including server hosting and application framework. I was brought in towards the end of the migration and overall it's been a smooth transition from the users' perspective. However it's a security nightmare for sysadmins (which is all outsourced) and a ripe target for any hacker with minimal skills. We do weekly and oftentimes daily releases that contain and build upon the same security vulnerabilities. Frequently I do not have control over the code that is deployed; it's simply given to my team by the marketing department. I inform my direct manager and colleagues about security issues before they are deployed and the response is always, 'we need to meet deadlines, we can fix security issues at a later point.' I'm at a loss at what I should do. Should I go over my manager's head and inform her boss? Approach legal and tell them about our many violations of COPPA? Should I refuse to deploy code until these issues are fixed? Should I look for a new job? What would you do in my situation?"
Go on .. tell us who (Score:5, Funny)
And I guarantee that all your problems will be solved very quickly by the dedicated volunteers who visit this site.
But you may need to brush up your resume first.
Call Elbonia (Score:5, Funny)
There are some newly unemployed hackers in Elbonia, made deaf and blind by viewing Wally's browsing history. Be a good sport and hire a few of them to break into your website. They are cheap and, being deaf and blind, would not be able to actually see anything useful for identity theft, but will sure be able to get your boss to see the light.
Outsourcing (Score:4, Funny)
However it's a security nightmare for sysadmins (which is all outsourced)
So it is the security nightmare that is outsourced? Finally someone got outsourcing right.
Re:It won't be a problem until it's a problem... (Score:1, Funny)
Severance that can't be...given Reebok shoes?
I'd leave Microsoft (Score:5, Funny)