The Poynter web site posted an internal email from Gawker’s CTO outlining lessons learned from Gawker’s recent exposure of thousands of users’ passwords. It contains some good lessons about lack of preparedness and a brief acknowledgement of not having focused on security:
… attention to completed work is every bit as important as attention to upcoming work. Our development efforts have been focused on new product while committing relatively little time to reviewing past work. This is often a fatal mistake in software development and was central to this vulnerability.
But in the Moving Forward section of his memo there is absolutely nothing about adopting a secure development life cycle, or about making sure code is tested for common application vulnerabilities before it is released to production. Lots of good “Moving Forward” items on protecting Gawker employee passwords, but not a word on building better software.
Coal in Gawker’s stocking!