John Pescatore

A member of the Gartner Blog Network

VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems…


Gawker Does A Mea Culpa, But What About More Secure Code?

by John Pescatore  |  December 22, 2010

The Poynter web site posted an internal email from Gawker’s CTO outlining lessons learned from Gawker’s recent exposure of thousands of users’ passwords. There were some good lessons learned about lack of preparedness and a brief acknowledgement of not focusing on security:

… attention to completed work is every bit as important as attention to upcoming work. Our development efforts have been focused on new product while committing relatively little time to reviewing past work. This is often a fatal mistake in software development and was central to this vulnerability.

But, in the Moving Forward section of his memo there is absolutely nothing about emphasizing a secure development life cycle and making sure code is tested for common application vulnerabilities before being released for production use. Lots of good “Moving Forward” on protecting Gawker employee passwords, but not a word on building better software.

Coal in Gawker’s stocking!
