Long-Term vs. Short-Term: Whether to Roll out an Application

Video Activity

2 hours 8 minutes
Video Transcription
All right, so you're developing a new application, and you're working to bring this to an MVP.
Pretty normal. Like, pretty much everyone in tech is doing this, right? So, um, for an Android app to market.
You're waiting on your most recent deploy to finish checks in your continuous development pipeline. You get a notification from GitLab that a number of your dependencies have a security vulnerability. Oh, never, never, ever has happened. You can deliver the MVP to a small audience in the next week.
Resolving the security vulnerabilities will cause you to push the MVP out to the end of the month
as the fix for one of the dependencies won't be released until the last Tuesday of the month. Your company needs the MVP in order to secure funding and continue development of the product beyond this quarter.
You could be putting that at risk. So do you roll out or wait?
Yeah, certainly challenging. A little more, I think, a little more challenging than the last scenario. In this example, the first thing that I'm thinking through as a business owner myself is not thinking through, well, as you mentioned, what happens with the funding? If I delay this, it could cause the investors that were on board
to jump off the ship, so to speak and say, Well, you know what?
You're not able to push out the product. It doesn't look like you're serious about this, you know, whatever issue might be, there's a lot of things that investors may pull out for reasons that may pull out. So I'm thinking through that I'm also thinking through Do we have cash on hand
as an organization? So do we have enough? If we can't get this funding, do we still have enough to sustain operations, etcetera, to talk about how you did investigate that, right? So you're the, you're the developer, right? And so, like, you know, it's, so I think, I think
being conscious of the business side of any organization is a critical component for anyone at any level of the organization. And whether or not you get actual financials, et cetera, I would talk to maybe my manager and say, Hey, yeah, I understand, if we delay this, it may affect the funding.
If we affect the funding like what happens in your opinion, or can we kind of have a meeting on this and discuss that?
And then that way I can determine, is it as critical as I'm thinking it is? Or maybe, you know, maybe we're just, we're going for the next funding round because we're trying to grow more. But possibly that could be delayed a little bit, right? Like some companies may
delay for various reasons. Sure. So is this something that we could delay? So I think that we need to have those conversations with someone that has
more insight into the financials to better determine that. Now, at a personal, technical practitioner level,
you know, we all want, we all strive for 100% security. We all know it's never gonna actually happen. But we do want to produce technical products that are as secure as possible because we understand that our family members or somebody we know could be the person using that, right? So I think there's the dilemma there of,
as a practitioner, am I okay with
pushing out something that I know has vulnerabilities, even though it's to just a small audience? Sure.
And from there, what could happen because I let that get out there and go through it? Is that you? And I think the other thing I would think through in my head is, what is this actual product, right? Is it just a microphone that we're talking through right now? Or is this a medical device, like a defibrillator, right, where that could actually cost somebody their life?
So there's a lot of things that I would start thinking through there with my health care background, et cetera, to try to determine the best route to go in this particular scenario. Yeah.
I mean,
you know, one of the ones in market that was one of the biggest hacks in history was from Under Armour, right? MyFitnessPal, right? Um, and, like, I mean, that data, it was,
is valuable, but not quite as valuable as other data that you might have out there, right? Like, so, you know, personally identifiable information, those kind of things. It's also, you know, not quite the heart level. Right? So, um, so you have that data combined with other data, as you know,
if you know what you exercise on and what you're
you know, what? Your calorie count is pretty important. So they come. Yeah, like it's, um
it's interesting. And I think, like, to your point, like, there's the,
this is my profession, right? And so, like, when you put out a product you want it to be as great as possible. Um,
and when you know that there's a serious, there's some serious issues with that, like, you don't feel good about yourself, right? I'm exactly at the end of the day so that there's that point as well. Um,
so I think, like,
it sounds like you go to your manager
and then let's say they come back and they're like, we're going down in two months
if we don't get this out.
What would you do?
Well for me? You know, it's one of those things. Do you care if the company goes out? In reality, I would, uh, at that point, you have to take the greater good, right? At least in my opinion,
yes. Because I honestly
let's say we fix all the vulnerabilities in three months. There could be another, you know, more than likely there will be another one, right? Especially if this is a product that is becomes popular and gets a lot of attention from the media. And people feel that they can get financial gain from that, then it's obviously gonna be attacked quite a bit. So
I would immediately say, well, I know at some point there's gonna be vulnerabilities anyways.
Are these that critical for this? Because this is an MVP, at the end of the day, right? For those that don't know, minimally viable product, right? So basically, I need to get something out for my investors and customers, et cetera, to be able to show that I can actually produce this thing that I'm trying to sell them on. And so,
all those factors combined, I would myself, I would probably go ahead and push it out because I know that, number one, the company's gonna go under if we don't, and number two, that more than likely there's going to be a vulnerability at some point in the future we're gonna have to address, you know. And as we evolved things, if we look at Microsoft Windows, right,
or any Microsoft products, they're full of vulnerabilities all the time.
Everyone knows about patching and all that stuff. And if Microsoft waited to push stuff out, they wouldn't, they wouldn't even have a company, right? They would never make anything, they would never produce things, they would never make money. That's the same for any company. So I think we can analyse things. But if we understand that the company itself may go under,
we have to take a step back and say, OK, yes, as a tech practitioner, I don't want to push out anything vulnerable. Sure, you know, I want to harden things as much as I can. But the reality is
the company needs to survive. The product doesn't need to get out there so we can get exposure to it. Get people looking at it and get recommendations. Could Maybe there's something we didn't notice
that never happens. You know, you always cover all your bases. Exactly. Yeah, yeah. We were on a vulnerability scan. It gets everything. Absolutely. There was no chance of any Giles. Yeah, zero days were just made up, right? So it's just that in that situation, if I knew that the company would go under
or or would more than likely go under I'm going to go ahead and push it out
with the expectation that I know in the future we still need to fix other things as they arise. But I think it's important to secure that funding and keep getting the money to be able to fix those things. Yeah, and the vast majority of consumer apps would make that same decision
because you have to get it to market like you pretty much have a six month window a lot of times before your company goes under, right? Uh, if you because people are just gonna beat you,
it's a really, really tough market out there. And, like, speed is important. And you might notice with our content, sometimes we want to get it out. Right. So, um, so, yeah, it's, ah, super exciting. Okay, cool thing. That's a great scenario. Totally,
totally happens all the time. Oh, yes, but let's move on to the next one.
Ethical Leadership

This ethical leadership training is taught by Cybrary's own Leif Jackson. We will give you a framework for making ethical decisions from a leadership perspective, delving into the common use cases and rationale behind modern-day professional dilemmas.