Re: WebCup 2015 (was: Website security)

From: Ish Sookun <ish_at_hacklog.in>
Date: Fri, 10 Apr 2015 19:33:21 +0400

Hello Logan,

On Fri, Apr 10, 2015 at 6:42 PM, Loganaden Velvindron <loganaden_at_gmail.com>
wrote:

>
> The views here are my own. Vincent is free to put the footer of his liking
> :-D
>
> I would like to clarify that I was involved both in web site
> development for very large projects in Europe, spanning over multiple
> servers in various countries. The pressure was immense, and I was
> responsible for handling scalability as well as security on the
> website. I saw our project manager getting yelled at over security
> problems, and suddenly we went from focusing on correcting
> performance, to scrambling to fix the security issues. That's a fact,
> when you work on projects that are worth a lot of money. So, while I
> understand how web agencies operate, I cannot blame them. I was
> thinking more in terms of: "If I knew there would be a security problem
> later on, what could I have done?" Propose to a client a security
> contract on top of maintenance. Later we tried this, and it worked.
> If the client doesn't sign up, at least you have made him aware of the
> risks of him being cheap or just short on budget. They can budget for
> it in the next year.
>

I managed incidents on the server(s) where some of the projects of that web
agency were running. I qualify those as medium-sized projects :-)

What do you qualify as "very large projects"?

Cheers,
-- 
Ish Sookun
- Geek by birth, Linux by choice.
- I blog at HACKLOG.in.
https://twitter.com/IshSookun ^^ Do you tweet?
Received on Fri Apr 10 2015 - 15:33:38 PST
