You can’t change what you tolerate

Submitted on March 10, 2011 – 10:50 pm

Attending a recent meeting I heard one of the speakers say “You can’t change what you tolerate.” Apparently it’s a quote from Cesar Millan (the dog whisperer) but it really struck a chord in me regarding web application security and overall information risk management. How can we possibly expect to make things better when we aren’t even aware that changes need to be made?

So many people in management choose to ignore the realities of what’s taking place in their environments. Disregarding the law, industry regulations, fiduciary responsibilities and even “best practices”, many continue to tolerate poor security across the board resulting in abuse of their business systems. Then these same people wonder why they’re being targeted and bad things continue to happen day after day.

I agree with what Cesar Millan said: indeed, you cannot change what you tolerate. Nor can you fix what you don’t acknowledge. We see this in so many aspects of life in things like our jobs, our relationships and (especially) our health. Apparently it’s human nature. If we let this “sweep it under the rug and pretend like it’s not there” behavior affect us personally I can’t imagine how we’ll ever reach a point where we address this problem – without question – in/around application and information security. How long will we have to keep repeating these same mistakes? How many more years will those of us in IT and security have to cry out and beg for management to stop the bleeding? I remain hopeful but I suspect there’s a long road ahead of us. Good for our careers in IT and security but not so good for business in the long term.

Everything you do in your work – be it threat modeling, SDLC management, training, security testing or whatever – either moves you towards better security or away from better security. I’ve learned these lessons the hard way many times. If you’re in management or can somehow influence others in management, do what you can to move application security in the right direction. You may not see nor reap the benefits immediately but that’s okay. This stuff takes time.

Bottom line: don’t ever lose sight of the fact that security is not just a process, it’s also a choice.
