Politics : View from the Center and Left

To: cosmicforce who wrote (377469), 7/19/2018 10:57:26 AM
From: Sun Tzu
 
My hacker days are long gone. Now I am putting that mindset to use in risk analysis. Essentially, I ask the vendor to walk me through the end-to-end process and I look for cracks (that if I was still good enough I could exploit). For example, how do you limit your exposure to bugs in the libraries you use? How do you limit the chances that your AWS credentials won't be stored on GitHub and what will you do if they are? How do you handle employee churn?

Very few companies have their act together. The majority have too many holes (and sometimes gates) open. What distinguishes the good from the bad is that the good ones acknowledge the issue and come up with a plan to address it. The bad ones either try to cover the holes or actually expect us to pay for them fixing their process/apps.