EXPERT RESPONSE
Unfortunately you are playing cards against the house and they hold all the aces. There really isn't anything you can do unless you are willing to switch vendors. Basically, you've built your business around this vendor's applications -- and for that reason it knows you aren't going to migrate to a new vendor on a whim -- so there is little to no incentive for the vendor to do much more than smile, say thanks for the feedback and go on its merry little way.
Depending on how strongly you feel about the issue and how much support you can get from your internal application team, you can make a public stink about your concerns. I know a lot of media outlets would jump at the chance to talk to an unsatisfied customer. That generates a lot of page views!
A somewhat less aggressive approach would be to work within your application vendor's user group. These are usually independent operations that produce newsletters, organize conferences and the like. You can network with other users to figure out if you are the only one who thinks it's a problem, and if not, then you can organize a mass movement to get the vendor's attention.
Short of that, you need to grin and bear it. Hopefully you'll also be able to make the case as to why your application teams should be consulting the security group before they commit significant time and resources to implementing insecure applications.