Tuesday, May 23, 2006

Software Security Isn't Just Code

From the "We're Really Friggin' Stupid" department: Veterans' data swiped in theft | CNET News.com.

Security isn’t just how well you build your code; it’s also about the policies and procedures that ensure critical data is properly protected. You can lock down access privileges all you want on your database and file system, and do all the code reviews you want to make sure there are no SQL injection holes, but at the end of the day all it takes is some stupid SOB taking home critical data on a laptop which then gets stolen.

I’m a veteran and my wife’s active duty military. Privacy information for both of us is now at risk. Think I’m pissed off about this? You bet.

This definitely gets added to my Intro to Security presentation as an example of What Not To Do.

