Wednesday, March 14, 2012

Government web FAIL

This caught my eye: Forbes claims our Government writes crappy code. Specifically web code.

Of course this was based on an analysis the security company Versacode did, so I'm not convinced how unbiased their judgement is. Still, it isn't all that hard to believe, since in my professional experience there is an awful lot of insecure web code out there. Most of this comes from sites with some sort of database backend (dynamic sites) rather than static sites.

In my experience, this is because when projects get behind schedule (have you ever known a project *not* to get behind schedule?), testing and security concerns are the first two things to be tossed out the window. 

Okay - this little post ought to please all my Libertarian friends. But let me point out (since I have no ax to grind, unlike Versacode) that this sort of thing is *not* the exclusive failing of government. 

Hot Sam said...

There is a government agency that shall remain nameless, but I have it on good authority that their internal data is constantly being invaded by hackers, especially from China.

According to the insider, senior management in IT simply doesn't understand security well enough to stop it. So, when they find an infected computer, they wipe its memory clean and move to the next one. There is a forest fire around them, and they are stomping on burning leaves.

Let's just say that this particular agency has a lot of information about US businesses that could be used for insider trading or for other insidious purposes.

Now, no one can confirm that the Chinese GOVERNMENT is involved. It may be freelancers. But I'm not sure that that matters.

Dr Ralph said...

It's been my experience that even if a vulnerability is known about, some key decision maker will decide *not* to fix the problem because it will disrupt/inconvenience/cost-too-much, and they'd rather take their chances with the vulnerability. This isn't a government issue - it's a management issue.

As the saying goes, there's no patch for stupidity.