Does Publicly Shaming Companies Improve Security?


You might think security teams inside big companies hate it when researchers and the press point out vulnerabilities, but that’s not always the case.


Security teams are just one voice among many, and often they have trouble convincing bosses that security and privacy should be a priority. An embarrassing story in the press can change that quickly.


For example: Security researcher Troy Hunt once called out Betfair Security for a system that allowed anyone who knew a user’s birthday to change their password. A month later Hunt met an employee from that company, which he wrote about on his personal blog:


…a bloke came up and handed me his card – “Betfair Security”. Ah shit. But the hesitation quickly passed as he proceeded to thank me for the coverage. You see, they knew this process sucked—any reasonable person with half an idea about security did—but the internal security team alone telling management this was not cool wasn’t enough to drive change. Negative media coverage, however, is something management actually listens to.


We all know how hard it can be for small teams to push their agenda in large companies, so there’s a certain logic here. But I wish companies would listen to internal security teams, and outside researchers, before problems go massively public. It’s usually a communication breakdown inside companies, but fixing this breakdown could prevent a lot of bad press—and keep us all more secure.


Image credit: Virgiliu Obada/Shutterstock.com


Translated from: https://www.howtogeek.com/fyi/does-publicly-shaming-companies-improve-security/
