QOTD - Rafal Los' Dose of Security Reality

In a typical company where risks are a-plenty, and IT is up to its eyeballs in delivery issues, it's a little difficult to suddenly step in and talk about security vulnerabilities like they're somehow more important than the 10,000 things that are already on fire. When the whole forest is on fire... which tree do you save first?

Enterprises and SMBs alike are looking to save money, cut corners (whether they want to admit it or not) and unfortunately security sometimes falls off the docket. Whether it's the security team's fault for not properly articulating the issue or the CIO's for simply not understanding the risks... the result is often the same. Somewhere in your business are thousands of lines of insecure, exploitable, and very lucrative code. Worse yet - that stuff has been there for years and now when you review a small snip that's changing and find that the whole thing has to be re-done... no one wants to pony up the money to do the work - right?

--Rafal Los, IT Security Risk Strategist, blogger at http://preachsecurity.blogspot.com/
Src: [RANT] Call Me a Realist | Digital Soapbox - Preaching Security to the Digital Masses
