My latest column is up at Dark Reading. I’m afraid I got up on one of my favorite soapboxes–companies trying to silence those who find flaws with their products. It’s not just security companies; take a look at the license you agree to when you use any of the major databases, for example, and you’ll find that you’ve agreed never to tell a soul if you build a test and get results.

I’m not excited about a culture built on cowardice and secrecy. This kind of thing makes no one more secure, and contributes to an atmosphere that leads to more bad surprises, rather than fewer. Let sales reps know that you don’t like this sort of thing, and that it will figure into future purchasing decisions. It’s the only real way to get the attention of the execs who think they’re doing their company a favor.

Categories: Security, General computing, Enterprise, Software