我如何99%可以确定我的软件是安全的?
我最近正在为我所工作的公司创建一个小型应用程序.经过一个月的开发,我已经准备好进行测试.但是,由于公司不允许将不受支持的"软件安装到工作网络上,因此大型IT老板"现在已暂停了该项目.
他们还担心.NET 4 Framework会暴露那里的安全漏洞.
该应用程序本身不会连接到Internet,也不会以任何形状或形式存储数据.在我看来,尽管我没有专门研究安全方面的问题,但应用程序并不需要真正需要这样的安全系统.
我被困住了,我的整个工作职责是创建此应用程序,以加快特定部门的工作速度,现在由于安全问题而被告知否.它非常令人沮丧,对于您在此问题上的任何意见,我将不胜感激.
谢谢
Dan
Hi,
I have recently been creating a small application for a company I am working for. After a month of development, I was ready for testing. However the big IT "boss" has now put a hold on the project as the company does not allow "non-supported" software to be installed onto the works network.
They are also concerned that .NET 4 Framework will expose holes in there security.
The application itself does not connect to the internet and does not store data in anyway shape or form. This to me would seem like that although I have not specifically looked at the security side of things the application would not realy need a security system as such.
I am stuck, my entire job role was to create this application to speed up the work of a particular department now I am being told no due to security issues. Its extremly frustrating and I would appreciate any of your opinions on the matter.
Thanks
Dan
请解释一下:什么是不受支持的"软件?
您是该公司的雇员还是承包商?在两种情况下,都是******(=忘记)公司并搜索新工作(静默搜索模式:先搜索新工作然后离开).
please explain: what is "non-supported" software?
are you employee of this company or a contractor? in both cases f***** (=forget) the company and search a new job (silent search mode: search a new job FIRST an then leave).
丹,
我从您的用户名中得知您大约是23岁.在那段职业生涯中,我认为老板的职责是确切告诉您要使用哪种语言,库和工具,您应该了解什么,等等.您应该期望至少有类似需求规范的内容手.
如果您没有得到精确的作业,您仍然可以提出问题,例如如果我使用这个和那个,对你来说还好吗?"只要不清楚这些体系结构"决定,就不要开始编码.
我也建议接受老板"的决定,即使您不同意这些决定.如果您完全不同意他们的意见,请告诉老板您的担忧.为此做好充分准备,并专注于该主题.
如果您的老板没有改变他的意见,请按照分配的任务解决.不要改变自己背后的决定.如果这样做,那么解决方案的好坏将不再重要,这将取决于他向您展示谁是老板.
无论发生什么事,都不必为此担心太多.损失超过一个月的工作.至少您已经为此付款了(我希望).也许该项目仍然可以挽救.
Hi Dan,
I take from your user name that you are ~23. At that point of career I would think that its the job of your boss to tell you exactly what language, libraries and tools to use, what you should be aware of, etc. You should expect to have at least something like a requirement specification at hands.
If you don''t get a precise assignment you can still ask questions e.g. "Is it okay for you if I use this and that?". Do not start coding as long as these "architecture"-decisions are unclear.
Also I would advise to accept "boss" decisions even if you do not agree with them. If you do not agree with them at all, tell your boss about your concerns. Prepare very well for that and stay focused on the topic.
If your boss does not change his opinion, solve the task as assigned. Do not alter decisions behind his back. If you do that, it won''t matter any more if your solution is good or bad - it will be about him showing you who is boss.
Whatever happened, don''t worry too much about it. There have been greater losses than a month''s work. At least you have got paid for it (I hope). Maybe the project can still be salvaged.