Sony’s (SNE’s) PlayStation Network (PSN), JPMorgan Chase (JPM) and the Internet Systems Consortium (ISC). Hacked. Look it up.
However, there are still 15 hours left (Atlantic time) to wreak havoc before 2015.
On a serious note, if best practices were followed, we would not be having these problems. Simple things like patching, situational awareness, wrapping and filtering, due diligence to ensure that code is secure (especially in the functions and classes that access databases), and doing away with the misconception that stored procedures erase SQL injection attacks… these are basic premises that all businesses should be following.
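To make the stored-procedure point concrete, here is an added example (not from the original post) showing an injectable procedure beside two hardened forms. It assumes Microsoft SQL Server (T-SQL), which the post does not name, and every table and procedure name is hypothetical.

```sql
-- Constructed schema; all object names are hypothetical.
CREATE TABLE dbo.Customers (
    Id       INT IDENTITY PRIMARY KEY,
    LastName NVARCHAR(100) NOT NULL,
    Email    NVARCHAR(256) NOT NULL
);
GO

-- Still injectable: the parameter is concatenated into SQL text. A value
-- containing a single quote closes the literal; the rest is parsed as SQL.
CREATE PROCEDURE dbo.FindCustomer_Unsafe
    @LastName NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, LastName, Email FROM dbo.Customers WHERE LastName = '''
        + @LastName + N'''';
    EXEC (@sql);
END;
GO

-- Hardened: a static statement, so the parameter is only ever data.
CREATE PROCEDURE dbo.FindCustomer_Safe
    @LastName NVARCHAR(100)
AS
BEGIN
    SELECT Id, LastName, Email
    FROM dbo.Customers
    WHERE LastName = @LastName;
END;
GO

-- Hardened when dynamic SQL is unavoidable: bind the value through
-- sp_executesql instead of concatenating it.
CREATE PROCEDURE dbo.FindCustomer_SafeDynamic
    @LastName NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, LastName, Email FROM dbo.Customers WHERE LastName = @p';
    EXEC sys.sp_executesql @sql, N'@p NVARCHAR(100)', @p = @LastName;
END;
GO

-- Review aid (heuristic): list modules that execute dynamic SQL for manual audit.
SELECT OBJECT_SCHEMA_NAME(object_id) AS SchemaName, OBJECT_NAME(object_id) AS ModuleName
FROM sys.sql_modules
WHERE definition LIKE N'%EXEC%(%@%' OR definition LIKE N'%sp_executesql%';
```

The review query over-reports by design: a parameterized `sp_executesql` call is fine, so each hit needs a read of the procedure body to see whether input reaches the SQL text by concatenation.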
If you are really serious about security, consider CodeSecure. If you want to know more about this product and how it saved a business that I was testing from having its PII stolen, give me a call. It is a true story and this tool, while not perfect, gave up the goods and gave me a path to many SQL injection exploits which dumped the database.
Armorize | CodeSecure | http://www.armorize.com/codesecure/
(I have no affiliation with Armorize). It just works well and I use it.
The bottom line – the potential blow-back is much more severe than taking the time to add a few cycles to your development process so that you. are. secure.
Jock Pereira | jockpereira.com | email@example.com | 978-666-4000