My friend worked in fintech for awhile and the stories he told me absolutely frightened me.
For banks, if it isn’t broke, don’t fix it. If it is broke, run a cost-benefit analysis…does it cost us less in losses each year than it would to overhaul/fix? Then also don’t fix it.
The code bases he had to deal with were absolute garbage apparently with hokey patch upon hokey patch.
He discovered a password validation issue (for a bank I used to bank at…) but essentially you could have a close but not exact password entry and still be let in. It took them like 6mos to fix it because it wasn’t really being abused.
I’ve worked with banks running older OSs than 95 .
My friend worked in fintech for awhile and the stories he told me absolutely frightened me.
For banks, if it isn’t broke, don’t fix it. If it is broke, run a cost-benefit analysis…does it cost us less in losses each year than it would to overhaul/fix? Then also don’t fix it.
The code bases he had to deal with were absolute garbage apparently with hokey patch upon hokey patch.
He discovered a password validation issue (for a bank I used to bank at…) but essentially you could have a close but not exact password entry and still be let in. It took them like 6mos to fix it because it wasn’t really being abused.
Just absolute madness.