

Atlassian: An update on our security breach - bootload
http://blogs.atlassian.com/news/2010/04/oh_man_what_a_day_an_update_on_our_security_breach.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+AllAtlassianBlogs+(Atlassian+Blogs)&utm_content=Twitter

======
bootload
_"... Firstly, we made a big error. For this we are, of course, extremely
sorry. The legacy customer database, with passwords stored in plain text, was
a liability. Even though it wasn't active, it should have been deleted.
There's no logical explanation for why it wasn't, other than as we moved off
one project, and on to the next one, we dropped the ball and screwed up. ..."_

Plain text for passwords is fast, but not good.

~~~
doron
It is kind of amazing they did this, and the fact they didn't fix it when they
could speaks of negligence. I appreciate the honesty and the "No Bullshit"
stance.

Still, you have to wonder: Atlassian is building organizational communication
tools, and they are also using them in their own development and business
process. It gives pause when you consider the software they develop to actually
do the job they are claiming it helps to achieve.

Isn't the whole point of this type of software to help stuff like that not
happen by enhancing organizational communication?

~~~
btilly
They switched to dogfooding their own product in 2008, and you'll note that
accounts created after that are not affected.

~~~
amatriain
What the hell is "dogfooding"?

~~~
waterlesscloud
Using your own product internally. From "eating your own dogfood."

<http://en.wikipedia.org/wiki/Eating_one%27s_own_dog_food>

~~~
amatriain
I didn't know that had a name. Thanks.

~~~
po
It's an adage that's been verbed into a gerund because the verb it would have
been based on didn't exist.

------
nnutter
YOU ARE NOT ALLOWED TO MAKE MISTAKES EVER!!!!

~~~
reitzensteinm
This isn't forgetting the milk, this is forgetting your anniversary.

~~~
wglb
Or "Honey I'm home" "Hi. Where's the Baby?"

