Depending on how strongly you feel about the issue and how much support you can get from your internal application team, you can make a public stink about your concerns. I know a lot of media outlets would jump at the chance to talk to an unsatisfied customer. That generates a lot of page views!
A somewhat less aggressive approach would be to work within your application vendor's user group. These are usually independent operations that produce newsletters, organize conferences and the like. You can network with other users to figure out if you are the only one that thinks it's a problem, and if not, then you can organize a mass movement to get the vendor's attention.
Short of that, you need to grin and bear it. Hopefully you'll also be able to make the case as to why your application teams should be consulting the security group before they commit significant time and resources to implementing insecure applications.
Related Q&A from Mike Rothman, Contributor