|
|
|
|
|
|
by justin_oaks
759 days ago
|
|
|
I once worked for a company with a security-related product. Security was not a high priority at that company. The software developers had no security training. The process for improving security was basically "fix something when it would avoid bad PR". If that's the way it can be at a company selling security products, I can only assume it's worse at other companies. The old "trust the client, no validation on the server" is completely pathetic. It indicates nobody even tried to make the system secure at CSC. |
|
|