• Let's talk about the "other side" of security.

    From what I've seen on these very forums, most companies shouldn't be allowed to be in business, never mind write even a single line of code. How many times have we seen people with query requests where the SSN, TIN, Credit Card numbers, and other personal information are stored in clear text? Even storing the "last 4 digits" and someone's birthdate in clear text is a violation, in my eyes. You can do a whole lot of damage with just those two pieces of information if you're dedicated to the art of invasion.

    As for "allow shoddy code", that's totally wrong. They INSIST on shoddy code because "it takes too long to do it right". :crazy:

    Enforcement is stupid, as well. I worked for one company that repeatedly failed PCI compliance but they were still allowed 2 whole years to get their act together. My feeling is that such compliance should be achieved and certified by proper authority BEFORE anything hits production. But, NO, that would slow things down too much.

    Don't get me started on all of the information, like SSNs, etc., that we have to give up just to get the lights turned on in the house or to procure other simple services. It's ridiculous and so is the way a whole lot of supposedly reputable companies, hospitals, etc., handle the data.

    I guess that qualifies as a "rant", huh?

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.

