No, the customer IS NOT always right

Jun 29, 2011
2 mins
Data and Information Security

Dave Maynor of Errata Security is right about a lot of things in his latest blog post.

Especially this:

Security is the first business I have seen where the customer is not always right.

I will admit I have changed testing strategies to appease customers. The wide-eyed “you are gonna do what?!?!” response to a testing plan has made me worried about losing a client, so although I will ruffle my feathers and puff out my chest on the importance of the testing, in most cases I will acquiesce to please the clients. This is my fault and I should not do it.

He hits the mark on several other points, particularly his take on LulzSec’s victims:

I’ve heard a lot of people say that Lulzsec did security a favor by really showing the need for security. I disagree completely. I think Lulzsec has shown how ineffective the security community and marketplace really is. These were not mom and pop targets that got hit but instead were several mega corporations that spend more money on security than most people will make in a lifetime. The spending did not stop the compromise and posting of their sensitive data so what good is it?

A truly insightful blog post. Read it.

–Bill Brenner

