[timboslice]

10+ years ago I was at a public library with terminals that were in kiosk mode with IE in fullscreen, hidden start menu etc. I used a paperclip to eject the cd drive, put in a CD with autorun, and voila, visible start menu and was able to get to the internet from IE

[amalag]

I hear Brink's QA department is hiring.

[golergka]

I hope they are also firing.

[juliangregorian]

thatsthejoke.gif

[mannykannot]

QA is not the solution - this is a design failure.

[someone7x]

Exactly. Often in BigCorp type places bugs are classified as deviations from requirements. If this poor design was the requirement, then any objections that may have arisen would've probably been classified as suggestions instead of bugs.

[mokus]

I have to think even the most myopic bureaucrats would remember to include "cannot be opened except by authorized parties" in a requirements document for a safe.

[tyho]

Yes, but all that will achieve is a tester writing it into their plan to check that invalid credentials don't let you in. It will not magically teach programmers to write secure code.

[mokus]

The bit I was replying to was a hypothetical situation where QA does, for some reason, find the flaw but management rejects it because it doesn't match a bullet point in the requirements. My point was just that if that's not in the requirements then you have even bigger problems. I never claimed or even implied (because I don't believe) that writing down that requirement would actually achieve anything.

[acveilleux]

QA is the safety net.

[mtuncer]

anything exposed outside is a potential risk. If there is a button you press it. If it is a hole, you stick something inside.

Having a usb outside is invitation to do something with it.

[kuschku]

Or: Download Chrome, (it installs even with user permissions), install it, download other stuff, win.

[john_b]

Chrome wasn't released 10 years ago.

[kuschku]

Yes, it was just a recent example – browser that launched without installation always existed.