it really is not hard to see why insecurity gets pushed through

Here’s my situation today. Our web development team has opted to purchase a third-party product to fill a need rather than build their own. This is a hosted web product that goes on my servers. It was not made with “enterprise” in mind, if you ask me. It can’t be load-balanced, has hokey internal management (the devs can essentially restart asp at will), doesn’t neatly plug into our existing hosted apps, and has never been evaluated for security.

Today I got the request to make the test site/server I stood up for them to be available externally.

For a client presentation next week.

Woot.