Engineering secure systems is hard. Customer service isn't.
Word got out two days ago that Panera Bread had a significant security hole (that might be too generous) in one of their APIs. These days, that's not too surprising. But, what was surprising was that:
- They knew about it in August 2017 and never fixed it.
- Their initial take was that they were being scammed or tricked into a sales pitch.
- The Director of Information Security was also a Senior Director of Security Operations at Equifax. That sounds familiar.
- The researcher had to alert two industry experts to publicize the issue to get it resolved. One of them, Troy Hunt, has blogged about how hard it is to get companies to believe your security reports.
The post by the security researcher is a good, but frustrating read:
Brian Krebs, the other industry expert, wrote another good and even more critical post: