Storing passwords that can be decrypted...
...with the keys stored on your server. Will people never learn?
Scrum.org, the Scrum certification and training site run by Scrum co-creator Ken Schwaber, appears to have contacted users to warn them of a nasty security breach. Reg reader "KB" has sent us an email sent to Scrum.org members and customers that says "On May 26, 2016, we noticed an issue with the Scrum.org website outgoing …
yeah, it's a shame isn't it?
Considering the extent of the compromise, I have to wonder about their defense in-depth strategy.
Especially when there isn't anything which triggers alarms and bells when a local account is created on a public facing server.
Also... in this day and age, start using web hosting applications coded in HTML 5.
..and I will ROFLMAO if we find out it's built using something like WordPress.
Why ?
I get that the vuln came from a supplier package - but who's to say that said package wasn't developed using DevOps ?
DevOps is just the new name for brainstorming something and implementing it before analyzing all the possible consequences. Sounds like a DevOps package to me.
The exams are horrendously prescriptive when I thought the whole idea was to be 'agile'. I'm surprised the material and exams don't stipulate the colour of your underwear to be a 'scrum master'. Frankly, the concept is so simple and obvious that you could learn it in a few hours. The exams are very contrived just so they can make money putting you through it.