Remember how great you thought it was that programming remained a field where you could achieve success by being smart, instead of by being barred by credentialism?
Remember how you talked about how this probably wouldn’t last and the gatekeepers would come for us eventually?
18. It is no longer a defence, for a company using an e-commerce platform, to say that it was not aware of the risk of SQL injection based attacks, or similarly established and in some cases routine forms of cyber-penetration. The ICO should introduce a series of escalating fines, based on the lack of attention to threats and vulnerabilities which have led to previous breaches. A data breach facilitated by a ‘plain vanilla’ SQL attack, for example, or continued vulnerabilities and repeated attacks, could thus trigger a significant fine. We were also surprised that there is no requirement to make security a major consideration in the design of new IT systems and apps. We therefore recommend that security by design should be a core principle for new system and apps development and a mandatory part of developer training, with existing development staff retrained as necessary.
That’s from a report that the UK House of Commons ordered to be printed in June 2016.