Saturday, February 16, 2008
Ways to Defend Yourself in the Blogosphere...
I got an interesting email from a blogger who asked me to write about what I would do if I were in the shoes of Craig Randall who may be infamous for creating insecure ECM architectures and figured I would share my perspective...
Please note that I am intentionally withholding the name of the blogger who asked me to write this blog entry, but will comment that he did thank me for making security transparent and did mention he was sharing several of my postings on this topic with several customers.
Anyway, I think if I were Craig Randall, I would do several things. First, I think it is important to acknowledge that any and all feedback is good feedback and thank individuals for taking the time out to provide it. I would probably comment that feedback on products is important towards making the product even better.
I would also include some message that states that security is top of mind and we pride ourselves on not only doing the right thing for customers who purchase our product, but also the entire ecosystem at large in which we are just one piece.
I would take about the importance of transparency and encourage others that find security vulnerabilities to provide even more feedback at an even faster rate. It is vital that you let folks know that you have a sense of urgency around security issues.
I would probably conclude with a cliche sounding statement about redoubling our efforts to not only provide a feature-rich ECM architecture but also one that is most secure, bar none.
Of course, I am not Craig Randall nor any other individual who gets called out in the blogosphere, so these are simply suggestions for general applicability and not meant to be predictors of actual behavior...
| | View blog reactionsPlease note that I am intentionally withholding the name of the blogger who asked me to write this blog entry, but will comment that he did thank me for making security transparent and did mention he was sharing several of my postings on this topic with several customers.
Anyway, I think if I were Craig Randall, I would do several things. First, I think it is important to acknowledge that any and all feedback is good feedback and thank individuals for taking the time out to provide it. I would probably comment that feedback on products is important towards making the product even better.
I would also include some message that states that security is top of mind and we pride ourselves on not only doing the right thing for customers who purchase our product, but also the entire ecosystem at large in which we are just one piece.
I would take about the importance of transparency and encourage others that find security vulnerabilities to provide even more feedback at an even faster rate. It is vital that you let folks know that you have a sense of urgency around security issues.
I would probably conclude with a cliche sounding statement about redoubling our efforts to not only provide a feature-rich ECM architecture but also one that is most secure, bar none.
Of course, I am not Craig Randall nor any other individual who gets called out in the blogosphere, so these are simply suggestions for general applicability and not meant to be predictors of actual behavior...
