Quality Assurance – Serious Business

So, the web is all abuzz with Obama being elected President. He has already set up Change.Gov for his transition, a first.

Personal politics and concerns about whether this is .gov worthy or why we need this when we have presidentialtransition.gov aside, this is an important lesson on why QA is important before putting your website/code/whatever into a production environment. People have a release early/release fast/release often mentality when dealing with code. This can be fine when you are dealing with a project that no one expects to be 100% on the first pass. But when you are dealing with a site that should be somewhat of a flagship for your “brand” it helps not to have embarrassing SNAFUs like this:

Also, this SCREAMS possible XSS security hole to me. (Note, this isn’t my screenshot, I didn’t test this, nor do I condone or endorse probing .gov sites for security holes without permission.)

All of this annoys me to no end as a security guy, as QA is when we usually get called in (at the last minute) to “make sure we’re secure.” More often than not, when I tell them that, in fact, they are not secure, I get “Well, we can’t fix that right now! We’ll fix it later in production!” from the developers and they try to move forward until someone from management smacks them with a rolled up newspaper. I’m thinking that this is a shining example of what happens when the developers go ahead without being smacked. Quality Assurance is a necessary step when moving forward with a website. Yes it’s tedious, yes it’s annoying, but it will save you pain and embarrassment if you do it correctly.

(Hat Tips to Michelle Malkin for originally pointing out the site and dual_parallel for doing some in-depth research)

One comment.

  1. That’s embarrassing. While I know that it must be important to him to establish this website this early in the game, a .gov website with potential security holes is completely unacceptable.

    As you said, QA is important and I see it myself in my own job all the time.

    Let’s hope this isn’t a picture of his administration!
