Knight and Day for SEC Response

A fantastic OpEd piece in the New York times by a former IT staffer discusses why the SEC’s initial thinking that testing all code, is not feasible.

I was involved in one of these debacles before. An online banking system was updated resulting in customer viewing the last page viewed by the last customer who logged onto the online banking system. I too thought better testing was the answer. As I sat down with internal and external IT folks, I learned the myriad of reasons why it just wasn’t possible to put too much faith.

In the end we increased  our testing resource and broadened what was tested, but had to find ways to mitigate the related risks that occurred after an incident such as this.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s