Vulnerabilities in Visitor Check-In Systems Reveal (Yet Again) That Companies Don’t Really Care About Security
We're starting to notice a disheartening pattern in how companies deal with security bugs.
Join the DZone community and get the full member experience.Join For Free
We all know that bugs are part of the software development process. No developer is perfect, despite what a few of them may think. (We all know that guy.) But you know what doesn’t have to go hand in hand with this issue? Companies being jerks about it.
A recent piece in Tech Crunch reveals that IBM researchers found 19 separate vulnerabilities in popular visitor management systems – you know, the tablets a lot of our offices use to check in visitors, DZone’s included. These bugs ranged from allowing unauthorized parties to download visitor logs all the way up to granting access to the company’s underlying operating system.
And of course when Security Editor Zach Whittaker reached out for comment, many of these companies failed to respond at all, with one instead signing him up to an automatic mailing list without his permission. One company even blamed the issue on user error.
While the bugs have largely been addressed by now, that’s ultimately beside the point. As another one of Whittaker’s pieces from a few weeks ago explains, “The truth is, most companies don’t care about the privacy or security of your data. They care about having to explain to their customers that their data was stolen.”
Sure, a potential breach of one of these systems pales in comparison to something like a Facebook breach, where millions of users have their information stolen at a time. The result, however, is still the same: Companies getting pissed off when they have to come clean about their own failures.
Opinions expressed by DZone contributors are their own.