SQLServerCentral Editorial

Security and Honesty

,

Information is power. That's been a saying I've lived by as a data professional for years. That has guided me to capture additional data in applications, often data business users did not think was important initially. The power of information led me to monitor my servers, and proactively look for ways to improve performance. Using resources like SQLServerCentral allowed me to learn about what others were doing, what worked, and what didn't. The dissemination of information has helped me to have a successful career as a DBA.

When I see articles like this one, where companies are not disclosing the security issues they face, I worry that our industry is not advancing as quickly as it can. It's important for us to share technical challenges and solutions among as many people as possible in technology. Our systems are complex, the sheer number of technologies is overwhelming for any one person or even company. The vulnerabilities, bugs, and attacks outweigh the technologies by far, yet our employers so often do not want to disclose any issues for fear of bad publicity.

It's time that this was required. Every company gets attacked, and probably most get hacked in some way. Rather than pretend that they are invulnerable, make the information public, or at least public to other IT workers. It doesn't have to be a press release from your company, but companies should be required to disclose the problems they've had, the vulnerabilities they faced, and the mitigation measures. I don't want to invite attacks, but I also think that we are building more and more poorly developed applications on top of poorly architected foundations.

Within a reasonable time, companies ought to be forced to disclose the issues. They don't have to fix them, but the disclosure might just encourage them to spend a little more time ensuring that their infrastructure is protected.

Steve Jones


The Voice of the DBA Podcasts

We publish three versions of the podcast each day for you to enjoy.

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there. Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

You can also follow Steve Jones on Twitter:

Rate

You rated this post out of 5. Change rating

Share

Share

Rate

You rated this post out of 5. Change rating