Slashdot Mirror


Balancing Bad Applications vs. Network Security?

Darlok asks: "One of our clients recently purchased a new financial software package from a major vendor for their industry. This is not a small mom-and-pop software house. The problem is, like a lot of industry-specific software, there are a considerable number of bugs. What's shocking is that to work around a problem preventing users from logging on, the manufacturer's recommended solution is to grant -Domain Administrator- privileges to all users, and they refuse (or are unable) to explain that need further (it's bad enough that an increasing amount of software seems to require local administrator privileges). Considering the enormous costs involved, how do you explain to Management that they shouldn't run this software until the problem is resolved -- which could be a long time, costing even more money? How do you balance productivity versus security when ANY productivity would give away the keys to the city? What can make an industry-specific software manufacturer pay attention to larger issues when they already have something of a captive audience?"

1 of 93 comments

  1. Bring a translator. by jonbritton · Score: 2, Funny

    Speak their language. Management types, around half the time, hear "security concern" and think you're some overstuffed loser with delusions of grandeur, afraid of THE HACKERS who care, at all, about your data. The other half are of the same ilk, but think you're suffering from a guilty conscience and are the "hacker" they need to worry about. Instead, warn them the security risks open the way for buzzword storms. Viruses! Worms! SPYWARE! SPAMMERS! Crashing servers! Cats and dogs, living together! Breaking Windows!

    "It'll never happen to us!" is a mantra of the generation. It's what keeps sex feeling real, condomless good. It's what keeps us smoking those feel-nice cigarettes. It's what has us drive after that third beer. And, it's what has us open up port 3389 and upchuck admin privs to every dipshit who uses their first name and the number "1" as a password. Speak to their experience, and don't tell them what they want to hear (that you're a self-important geek.)

    Tell them what they're most afraid of hearing.