The Achilles Heel


Phil Factor
Comments posted to this topic are about the item The Achilles Heel


Best wishes,

Phil Factor
Simple Talk
Jeff Moden
Heh... I won't mention the name of the company that I think you're talking about but its initials are "Equifax"

I can't believe that the CEO of a company would be so lame as to try to put the blame on some probably overworked nub that forgot to install a patch. Where is the sign off and verification of the process that requires the installation of such patches? That blatherskite of a CEO should be folded in half and shot butt first from a cannon into the business end of a sharpened telephone pole.

Absolutely great article on the subject, Phil. Thanks for taking the time to write it.


--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think it's expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

jasona.work
Sigh. My first thought when I read the news about who the "retiring" Equifax CEO "blamed" for the breach was "It wasn't me! It was the one-armed IT guy!"

That being said, on the general thrust of the editorial, I think part of the reason why no details are released about the causes of these breaches is more "the software is *OUR* product / proprietary and we don't want to give our competitors insight into how we do things." I know in the past people have bandied about the idea of something along the lines of a "real" professional organization for programmers / IT people, sort of like the AMA or such.

Interesting idea, but I can't see it taking off, not in any meaningful manner. Unlike, say for instance surgery, there are so many different ways to do the same thing (different programming languages, styles, etc.) And again, unlike medicine, it's far, far easier (I think) for errors to creep into software being written than for a Dr to leave a sponge in your chest or miss a stitch. Add to that the "get it out the door yesterday and we'll fix the bugs tomorrow" mentality of many businesses and you get even more errors creeping in (and despite the "fix it tomorrow," well, tomorrow is always tomorrow, never today.)

Maybe the best that software developers / IT staff can hope for is to point out (in writing, of course) what appear to be weak or poor policies (really Equifax? ONE guy was responsible for the patching??) and try to get them changed. Because sadly, businesses tend to think of us as interchangeable with some C-level exec's cousin who's "good with computers," except for the business knowledge we already have. Use other breaches and failures as ammo in your fight to get lax policies corrected. If you go to your boss and tell them "if we don't get at least 2 other people involved in making sure security updates get applied in a timely manner, we could end up being the next Equifax of our industry," it will carry more weight than "boss, it's been just me handling updates, what happens if I go on vacation and a big apply-this-now security update comes out while I'm gone?" In the case of the latter, the boss will likely say "enh, we'll be fine until you get back, don't worry about it."

And then the company gets breached while you were in Cancun, a couple days / weeks / months later it gets discovered, and you've just become the CEO's "one-armed IT guy" whose fault it was. CEO gets their golden parachute, you get a cardboard box and 15 minutes with a security guard to clean out your desk and a resume-stain...
Andy Robertson
Very amusing!
I'd imagine that companies that go round sacking individuals for what are in essence cultural or systemic problems tend to end up out of business fairly shortly anyway. Best to leave as soon as you realise the culture has gone wrong before you can be scapegoated.