
Application security is non-existent and my boss doesn't care. What should I do?

Submitted by Anonymous Coward
An anonymous reader writes "I am a senior engineer and software architect at a Fortune 500 company and manage a brand (website + mobile apps) that is a household name for anyone with kids. This year we migrated to a new technology platform including server hosting and application framework. I was brought in towards the end of the migration and overall it's been a smooth transition from the users' perspective. However, it's a security nightmare for sysadmins (which is all outsourced) and a gloryhole for any hacker with minimal skills. We do weekly and oftentimes daily releases that contain and build upon the same security vulnerabilities. Frequently I do not have control over the code that is deployed; it's simply given to my team by the marketing department. I inform my direct manager and colleagues about security issues before they are deployed and the response is always, "we need to meet deadlines, we can fix security issues at a later point." I'm at a loss as to what I should do. Should I go over my manager's head and inform her boss? Approach legal and tell them about our many violations of COPPA? Should I refuse to deploy code until these issues are fixed? Should I look for a new job? What would you do in my situation?"
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.
