SQLServerCentral Editorial

The Blame Game

,

Make no mistake, this is going to be something that happens again. The former CEO of Equifax blames their massive data breach on a bad scanner and a person. I'm not talking about a data breach, of course those are going to happen, and when they do, assume that every piece of data in the system is compromised. I know some digital forensic scientists are really talented, but is a company that didn't necessarily pay attention to security in the first place going to ensure the analysis is done right? Not likely. Assume every record is compromised.

In this case, the former CEO calls out a person that made a mistake, and then says technology failed. I don't think that's true, and I'd agree with Patrick McKenzie, who has a good thread on Twitter. A bad engineering decision, or even a process, is the result of multiple people making mistakes. Certainly there are people that must back up the Apache Struts patch person when they're on vacation. Or there should be. If there isn't, then that's a management failure at multiple levels.

The thing that concerns me is that we, as tech workers, are going to be blamed going forward. The individual isn't named here, but I bet at some point they will be. And some, or many, tech workers will get sacrificed for a company that wants to show contrition and action for security mistakes. It's common for someone to take the blame, but I haven't seen a specific person be identified (or their inaction be called out) in the past. I'm sure some tech people were probably fired after previous incidents at large companies, but not publicly.

While the person wasn't named, there was a report that this individual was no longer employed. Fired? Quit? Who knows. Certainly it's likely that once this breach became public, anyone who might have been responsible for watching CERT lists, applying patches, or anything to do with Apache Struts might be blamed. In fact, I don't know I'd want to continue working at a company that might publicly blame my role for a massive breach. My career might be dead with that management, so I might as well move on. Much easier for everyone to blame me than accept responsibility.

This is the first time I've seen an IT employee blamed. BA said an IT systems failure with their major issues. Yahoo and Target were hacked, but no one in IT was blamed. Sony didn't blame their IT staff after their emails and films were released. Yet Equifax did. I hope this isn't a sign of things to come.

Rate

You rated this post out of 5. Change rating

Share

Categories

Join the discussion and add your comment

Share

Rate

You rated this post out of 5. Change rating

Related content

SQLServerCentral Editorial

Mini-Me

Will the next version of Windows be a "Mini-Me" version of Vista? Who knows, and it's too early to tell, but apparently there's a mini-kernel version of Windows 7, the one after Vista, which fits into 25MB on disk. That's a touch lower than the 4GB that Vista takes up. Granted it's not a full […]

You rated this post out of 5. Change rating

2007-10-25

105 reads

SQLServerCentral Editorial

An Hour in Time

Daylight Savings time switches a little later this year. In fact it's November 4th this year, after having been in October for all of my life. In case you don't remember which way we move the clocks, here's a saying: Spring forward, fall back.

5 (1)

You rated this post out of 5. Change rating

2007-10-17

216 reads

SQLServerCentral Editorial

Software is Like Building a House

One of the really classic analogies in software is that it's like building a house. You have a foundation, multiple teams, lots of contractors that specialize in something, etc. And it's an analogy that's debated as to its relevance over and over. I won't go into the correctness of this analogy, but I wanted to comment on it.

You rated this post out of 5. Change rating

2012-10-08 (first published: )

331 reads