On 2015-07-10 11:12 Rick Welykochy wrote:
> A question arises from the above list of country bumpkin programming gaffes.
> Can Adobe not afford software sourcecode analysis kits? They ain't that
> expensive and would at least alert programmers at this august company to the
> presence of ALL of the above exploits.

I'm often amazed by an apparent lack of understanding of the end-to-end software engineering process (including user-interface design, program documentation & version control, and various levels of testing) in organisations you'd think should know better. I wonder whether some of it arises from a poorly managed, or completely misunderstood, attempt at agile development.

Today's SMHerald contains an article about some very well-known ones which are said to store users' passwords in plain text - see
http://www.smh.com.au/it-pro/security-it/plaintext-offenders-page-names-and-shames-sites-that-abuse-password-secrecy-20150713-gi9cr9.html

The data was apparently sourced from a website "Plain Text Offenders" and their list of culprits includes the ATO, Australia Post, AGL, Bigpond, and so on down the list.

Password management is kindergarten stuff, and there's just no excuse for such basic problems IMO.

David L.

_______________________________________________
Link mailing list
[email protected]
http://mailman.anu.edu.au/mailman/listinfo/link
