Cached copy of http://ravichar.blogharbor.com/blog/_archives/2007/3/5/2783486.html (original page).
Cost of vulnerability
2007-03-05 21:19:05 by RaviC in Musings on Information Security
 

Early in my career, I had an interesting experience that I would like to share. I worked with a software engineer / architect who was extremely brilliant. He was equally arrogant.

I found a very serious vulnerability in his code where a hacker could easily hijack a user session. I set up a demo scenario for this and walked up to his office to bring it to his attention. His response to my discovery was more amazing than the vulnerability itself. He thumped his clenched fist on the table and averred, "My code is bulletproof." With his immature and stupid reaction, the architect increased the cost of the vulnerability.

I was deeply upset by his remark. Though it could easily have turned into a heated exchange, I restrained myself and walked back to my cube. A member of top management happened to pass by my cube; he looked at the demo scenario and exclaimed, "This really sucks!" Eventually the vulnerability was acted upon and a fix was deployed on time.

How you react to a vulnerability report determines what the vulnerability ends up costing. There is no single right answer here, but a prudent and pragmatic response reduces the cost and preserves the company's brand identity.
