Service-based software focuses more on security

Flashsky

When I went to TENCENT for security testing that day, I heard a strange theory: TENCENT doesn't sell software, it sells software services, because the software doesn't directly receive money, I am not willing to spend money on software security issues, but I am willing to pay for service security issues.

But I think

1) services are software-based and without software, there will be no carrier of services. Although services are sold without directly collecting money by software, users' trust in software directly affects services. Whether selling services or software, you must and have the responsibility to improve the security quality of your products to protect the security of your users, however, you can ignore the security issues caused by the use of your released software.

2) service-based software should pay more attention to security. I can say that in: QQ mail tool attached to TENCENT, A large number of micro-soft ie dll copies are used in their own directories, and few follow up on the IE patch upgrade, resulting in the vulnerability after the micro-soft IE patch is fixed, which still exists in QQMAIL, as a result, many of my friends have suffered great losses and basically all of them have abandoned the QQMAIL tool. My machine has also been successfully infiltrated by such security vulnerabilities, although the timely detection did not cause more losses, I have become a habit. Even if QQ mail is changed to the WEB form, all emails in QQ mail will not be read, QQ mail will not be used as your own mail. In addition, QQ will use a large number of ie dll browsers and will not be used by any relatives, it is not because of prejudice against TENCENT, but because of the security problems of these products that have previously caused a deep memory of their own security events. It can be said that as long as users understand that their losses are caused by security vulnerabilities of a software, services on the corresponding software will be discarded for a long time. Moreover, communication service-based software has higher security requirements, if an unusable CRASH can make Users unable to use the software, it will also cause service failure. Therefore, service-based software should pay more attention to security.

As mentioned above, we hope that the security leaders of TENCENT can think about it without criticizing TENCENT. In terms of the domestic Software Enterprises' emphasis on product security and the strength and ability to implement security, TENCENT and Alibaba are two of the best companies in China.