|
|
|
|
|
|
by tptacek
5461 days ago
|
|
|
The idea that every team (in-house and outsourced) in Sony that owns an application has a security resource, or that the central resource in Sony knows about every application, does not square with the reality of most of the companies I've gotten to know. This is the same problem I mentioned upthread (trivial bugs sneaking into huge codebases), just generalized out one level. The original comment I responded to asserted that "securing applications against these kinds of attacks is not difficult". Again: yes it is. I know companies who spend huge amounts of money trying to defend against simple attacks, and they are not 100% successful. It isn't just "not not difficult"; it isn't just "difficult"; it's one of the hardest problems in IT. |
|
|