How many times have you heard the phrase “No, it’s a security risk” when you ask if it is possible to implement a new feature into something that you use but aren’t a developer of (or possibly you aren’t a developer yourself)? Well, frankly, this is a blog post asking people to stop doing this. If you don’t want to put this feature in, just tell us. If you don’t think it is possible, let us know. If you can’t be bothered listening to us, please just tell us.

The phrase “It’s a security risk” is overused, and frankly that stops it meaning anything when it needs to mean something. The phrase should be used only when something is actually a security risk.

For example, I asked for OpenID to be implemented into a web service I use (it isn’t a public one, and I’m not going to out the “developer” because that would be pretty horrible), and that was met with the reply “No, never going to happen. It’s a security risk.” The forum topic was then deleted (because me saying that the site ran Joomla was also a security risk) and that was the end of that.

Now, although there have been security problems with OpenID and how it works, there are security problems with absolutely everything we do. If you won’t do anything if it is a “security risk” then don’t get into IT. Everything is a security risk, and we need to understand that. I’m not saying we should implement everything willy-nilly, but let’s not be so pathetic. The same IT person who thought OpenID was a security risk uses Windows… what else do I need to say?

If you are a developer, let me challenge you. Try not to say “It’s a security risk.” If you honestly have security concerns, that is fine, but if not, let the person know exactly why you don’t want to implement it, even if it is something as simple as “I don’t want that feature.” That is more honest. I can’t stand lies…

2 Responses to “It’s a security risk!”

  1. Liam Says:

    I would agree to a point. If adding a feature to a website brings security issues with it then I agree it should not be used. However, I believe some projects and developers (the sloppy ones that don’t know squat about security) hide behind the “it’s a security risk” phrase. OK, so it’s a security risk – THEN FIX THE RISK!

    The other thing is, as you know I work in security, and I have to say your belief you’re safe because you run Linux is a lot of… well… crap. Every week without fail I get email notifications of vulnerabilities that have been discovered in the Linux kernel, most of which are covering from the latest versions to versions released 2 years ago. Please stop it with the “I’m safe, I’m a Linux user”. Very good, I’m pleased for you; you’re not safe, you’re just less of a target, my friend. Besides, it’s becoming less and less about the OS you’re running and more and more about the programs that run on them.

    I agree with your argument for not using IT if you’re paranoid about security. Just go dig a hole in the middle of nowhere, part fill it with concrete, plop your computer in (having securely erased your disks) and place your computer in the concrete, fill in the rest of the hole, stop using bank cards/credit cards, phones. Leave your job. Burn your house and all your belongings, fake your death, and live in the forest and maybe – JUST MAYBE – you won’t get hacked!

  2. YaManicKill Says:

    You seem to have weird ideas about what I believe about the operating systems I use. In the past year, I have actually been paying attention to security vulnerabilities, and it is shocking the number of ones that are found in the Linux kernel that have been there for a few years, and someone found them a few years ago but nothing was done with it.

    When I said that the same developer uses Windows, it was not implying that Linux is more secure, more that if you were completely that paranoid about security (rather than just using it as an excuse) then I would probably find a different computer setup at your house. OK, it was badly worded, I apologise, but rather saying that he probably wouldn’t have a computer connected to the internet if he was that paranoid :-P

