Reply to post: Re: Don't load third-party scripts

UK ICO, USCourts.gov... Thousands of websites hijacked by hidden crypto-mining code after popular plugin pwned

veti Silver badge

Re: Don't load third-party scripts

So what's the alternative, exactly?

1. Write, maintain and test everything in house. Oh, and remember to document it too, because otherwise you're just storing up trouble for next week. And even then you'll still have dependencies - on browsers, on server platforms and scripting languages - and vulnerabilities will still creep in. I'm not really seeing the business case for that.

2. Make sure every resource is fully audited, and can't be amended without appropriate hoop jumping. This is marginally less work than (1) (and commensurately slightly less secure), but frankly it's still a shedload of effort for very small return.

3. Avoid scripts entirely. Congratulations, now you spend your whole life saying "no" to the marketing department. Good luck keeping your job, even if your company can survive.

Or 4. Accept that the occasional breach is part of your normal operational costs. Just like you expect employees to pinch some of your stationery, you expect customers to duck out on some of their bills, so you also expect hackers to disrupt some of your transactions. Accept it, model it, budget for it. Move on.


Biting the hand that feeds IT © 1998–2019