• I think that more regulation is needed. There are specific software and database design patterns that for decades have been known to be security vulnerabilities, and yet they continue to be repeated. How is it possible that the website for one of the largest banks in the US could be hacked simply by tampering with the browser URL?

    Damn, this is 2011 not 1995, are we still developing data access frameworks for websites from scratch without following a standard design pattern? It's time we stopped treating Information Technology as if it were some magical realm that can't be regulated like other industries. For example, building codes specify how plumbing should be installed and what type of pipe materials are allowed. Thank you. The FDA bans certain medical procedures that are proven ineffective and high risk. Thank you again.

    Citibank hacked. By changing account numbers. In the URL -

    Once inside, they leapfrogged between the accounts of different Citi customers by inserting various account numbers into a string of text located in the browser's address bar...

    http://channel9.msdn.com/Forums/Coffeehouse/Citibank-hacked-By-changing-account-numbers-In-the-URL

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho