Security and Honesty

Ladder of Disclosure

I really think we need better disclosure on security issues.

Information is power. That’s been a saying I’ve lived by as a data professional for years. That has guided me to capture additional data in applications, often data business users did not think was important initially. The power of information led me to monitor my servers, and proactively look for ways to improve performance. Using resources like SQLServerCentral allowed me to learn about what others were doing, what worked, and what didn’t. The dissemination of information has helped me to have a successful career as a DBA.

When I see articles like this one, where companies are not disclosing the security issues they face, I worry that our industry is not advancing as quickly as it can. It’s important for us to share technical challenges and solutions among as many people as possible in technology. Our systems are complex, the sheer number of technologies is overwhelming for any one person or even company. The vulnerabilities, bugs, and attacks outweigh the technologies by far, yet our employers so often do not want to disclose any issues for fear of bad publicity.

It’s time that this was required. Every company gets attacked, and probably most get hacked in some way. Rather than prevent that they are invulnerable, make the information public, or at least public to other IT workers. It doesn’t have to be a press release from your company, but companies should be required to disclose the problems they’ve had, the vulnerabilities they faced, and the mitigation measures. I don’t want to invite attacks, but I also think that we are building more and more poorly developer applications on top of poorly architected foundations.

Within a reasonable time, companies ought to be forced to disclose the issues. They don’t have to fix them, but the disclosure might just encourage them to spend a little more time ensuring that their infrastructure is protected.

Steve Jones

The Voice of the DBA Podcasts

We publish three versions of the podcast each day for you to enjoy.

About way0utwest

Editor, SQLServerCentral
This entry was posted in Editorial and tagged . Bookmark the permalink.