A couple of weeks ago, our CEO Mr. Brandstätter shared his opinion about OpenSSL and the Heartbleed Bug in an advertisement in The Wall Street Journal. On April 25 we received a very nice letter from Mrs. Eul Lee, who commented on Mr. Brandstätter’s opinion piece. Mrs. Lee was so kind as to allow us to post her letter on our blog. Hopefully, you will enjoy reading her letter as much as we did.
Dear Mr. Brandstätter,
Kudos for your advertisement on 25 April, 2014 in The Wall Street Journal.
This security issue involving the open source code should have been more publicized in the years past, but no one wanted to rock the boat as the average homes and then almost every young and old became addicted to the lifestyle with computers and online everywhere. There were businesses to be started and moneys to be made – in software, hardware, accessories, etc.
I am also fast approaching 60 years of age, like you, and got into computer programming in the early ’70s. Fascinated by the intimacy to the machine, I worked mainly as an IBM Basic Assembler Language (BAL) programmer until 1988 when I became a software developer working for Essential Software (a competitor to SAP; later acquired by Legent Software, then again by Computer Associates in 1995).
Only then did I realize how much I didn’t know about the inside of computer programming! As a software developer I was working as a legitimate hacker getting into the IBM Operating System modifying by-authorization codes before the “PUT” or “WRITE” commands were executed. I designed and developed software that looks into the content of a report and compares it with pre-determined contents of already-processed reports (yearly, monthly or even sums of all departments, etc.) to balance the results. If the results do not check out, the whole printing process would be halted and pre-determined actions were to be taken. This was to prevent erroneous reports from being printed and delivered to 500 ‘bank branches’ before the error was detected much later, maybe too late.
Not only did I learn that there were IBM codes that were not accessible to everyday programmers, but also that the testing cycle of general utility software must go through rigorous tests covering all extremes – including almost ‘unthinkable’ sequences of events caused by all types of users.
All this extensive work could be done only by certain select individuals – for design, development and quality control – and the cost was covered by the hefty initial purchase fee and the annual maintenance contract fee borne by the ‘users.’
I have been dismayed by the low price of PC software and the talks of open codes. To this date, I do not trust online-banking as many people do out of my security concern and refuse to participate in social networking due to my distrust in those companies’ intentions for the future use of all the contents. I am basically becoming antiquated. I know even the well-publicized ‘encryption’ is only good during the transition of data.
Your push for secure codes may not go far because of the cost involved and the public’s appetite and addiction to the low-cost availability of applications, but companies processing critical information must adhere to strict standards and regulations. Thank you for bringing this to the attention of the public, who may not understand the severity of security and privacy risks of the open codes that are prevalent in the industry.
By the way, each time I visit Germany with my German husband, I am astonished by businesses in small towns all over Germany. I have been to Nuremberg several times – what a charming big city!