[ale] a quick test of web site stupid

Leam Hall leamhall at gmail.com
Mon Mar 4 14:09:22 EST 2013


On 03/04/2013 12:56 PM, Jim Kinney wrote:

> Given the importance of reliable software in a growing number of areas,
> I see a need to have professional licenses for programmers that touch
> finance, health care, public safety, etc. We don't let just anyone
> design a bridge and that's for good reasons. We need to rethink this
> field from a public health and safety perspective.
>
> I can also see a need for mandatory professional certifications for
> System Administrators in those same areas.
>
> ditto for DBA work.
>

While I personally agree with this, very few companies would choose to 
pay the extra for well-coded, secure apps or systems. The entire 
concept of offshoring financial computing gives me the willies.

So how do you push back as a user? Can we find out which companies 
actually care about security enough to staff it with reasonably bright 
people? That is, not just someone who can pass a CISSP test but actually 
has some clue of how a computer works. Checklists are good, but they 
have limits.

The flip is understanding that if you're not paying for a service, 
you're the product. Dice.com doesn't even use https for password 
changes. Facebook security? Why? They're mining you and your contacts 
for all you're worth.

At this point in my life I've come to the understanding that anything I 
have ever done can be known about, and any transaction I make on the net 
can be public. Thus I really monitor what I write and avoid on-line 
transactions except for PayPal and Amazon. Those seem large enough to 
take things seriously.

Leam

