Troy Hunt: The Effectiveness of Publicly Shaming Bad Security


22 bookmarks. First posted by 1jh 9 weeks ago.


Troy Hunt: The Effectiveness of Publicly Shaming Bad Security
from twitter
7 weeks ago by whysthatso
Here's how it normally plays out: It all begins when a company pops up online and makes some sort of ludicrous statement related to their security posture,…
from instapaper
8 weeks ago by toph

You see, they knew this process sucked - any reasonable person with half an idea about security did - but the internal security team alone telling management this was not cool wasn't enough to drive change. Negative media coverage, however, is something management actually listens to.

I've seen this play out so many times before that frankly, I've little patience for those decrying shaming in this fashion because it might hurt the feelings of the very people charged with receiving feedback from the public. If a company is going to take a position on security either in the way they choose to build their services or by what their representatives state on the public record, they can damn well be held accountable for it ...
security  business  journalism 
8 weeks ago by jefframnani
Here's how it normally plays out: It all begins when a company pops up online and makes some sort of ludicrous statement related to their security posture,…
from instapaper
8 weeks ago by indirect
Now I don't know how much of this change was due to my public shaming of their security posture, maybe they were going to get their act together afterward anyway. Who knows. However, what I do know for sure is that I got this DM from someone not long after that post got media attention (reproduced with their permission):

Hi Troy, I just want to say thanks for your blog post on the Natwest HTTPS issue you found that the BBC picked up on. I head up the SEO team at a Media agency for a different bank and was hitting my head against a wall trying to communicate this exact thing to them after they too had a non secure public site separate from their online banking. The quote the BBC must have asked from them prompted the change to happen overnight, something their WebDev team assured me would cost hundreds of thousands of pounds and at least a year to implement! I was hitting my head against the desk for 6 months before that so a virtual handshake of thanks from my behalf! Thanks!
business  internet  security  social-media  shame  troy-hunt  bad-press  spin  shaming 
9 weeks ago by jm
Public shaming gets lots of places to clean up their crap when they ignore their internal security people.
orgbehavior  incidentresponse 
9 weeks ago by dsalo
Troy Hunt: The Effectiveness of Publicly Shaming Bad Security
shameonyoutoo  from twitter
9 weeks ago by yogsototh