Friday, April 04, 2008
Why Democrats need to pay attention to software security...
Hillary Clinton especially needs to pay attention to software security, considering that she is behind in fundraising compared to Obama. Many of the candidates take in large sums of money via their web sites. Imagine what would happen if a wily hacker decided to launch a denial of service attack against Hillary or, even more amusing, someone figured out that her web site wasn't PCI compliant.
If Hillary Clinton had sense, she would not just enlist a few IT security professionals to help make her web site more secure; she would also make a big personal donation to OWASP in exchange for all the chapter leads jumping in to provide more eyes. With enough trained eyes, all defects become shallow.
Of course, she is probably doing traditional enterprise security, where the view of security is only infrastructure-centric. She probably has a few of those junior FBI agents who run Infragard along with a few CISSP folks and isn't really aware of the risk she faces, but she can't be blamed, as this mindset is pervasive in most enterprises as well...