When Bad Things Happen in Good Software

May 13, 2015  |  Javvad Malik

When I was 9, I left school one day to see my mum was not there to pick me up. I thought she may be a few minutes late so spent some time playing with friends in the playground until each and every one of them were picked up and I was left alone in school. Minutes felt like hours as I found myself being the only child left in the playground. A teacher took me indoors and I was close to tears as she phoned home to enquire as to why no-one had come to collect me.

It transpired that my mum had spoken to the mother of one of my friends earlier in the day. She had asked my friend’s mother to pick me up so that my friend and I could go out to play. My friend’s mother misinterpreted it, thinking that my mum meant she would bring me around to play straight after school.

Miscommunications and misunderstandings happen even when your loved ones are involved. That doesn't make it right, it didn't stop me shedding some tears and asking my mum repeatedly why nobody came to get me.

In retrospect, it wasn't a huge deal, I was fine and it was a simple misunderstanding, but at the time it seemed quite serious.


Fast forward almost 30 years and I'm feeling a sense of deja vu when Peter Lapp from Morpho Trust USA kindly let us know of vulnerabilities within our products. Unfortunately, there was a communication breakdown as a result of how we filed the ticket in our system and how we followed up with Peter.

In both cases we let our customer down - much like how my mum and my friend’s mother let me down all those years ago. We have identified where the miscommunication occurred and have added additional practices to ensure our employees are aware of the escalation process for vulnerabilities, as well as the need to regularly update the reporter of the vulnerability with the status of the fix.

As the Security Advocate here at AlienVault, keeping our community relations and dialogue open and meaningful is part of my role. I am extremely grateful for the support we get from security researchers, beta testers and users who provide extremely valuable feedback to us. As a company we strive to engage in the discussion through our support channels, forums and social media presence. However, if there is any issue where you believe the ball has been dropped - do not hesitate to get in touch with me personally at jmalik@alienvault.com or twitter @J4vv4D

Read more on the vulnerability referenced.

Share this with others

Get price Free trial