Code Security WTF



  • A friend of mine works for a large software company you've all heard of. Recently, they decided that they needed a major company-wide code security best practices initiative. So they hired some company to create a course that every developer would have to take that discusses things like buffer overflows and SQL injection attacks.

     At the end of this course that's supposed to take two hours is a test that you have to pass to keep your job. The test consists of general questions about software security and best practices but also lots of very-specific questions in various different languages. For example, there's a chunk of C code that you have to spot the buffer overflow in. A very high score is required on this test or you have to retake it. Supposedly, using all these different languages would be fair to everyone, since everyone would probably miss some questions in a language they're not familiar with. (Did I mention you had to get an absurdly high score?)

    Now, here's the WTF: The development teams include people who do things like write documentation, design user interfaces, coordinate teams, and even do purely graphic design. They have to take, and pass with a high score, this very same test. Some of them do not even code ... ever. There are graphic designers who may never have written a line of code in their life and who now have to answer questions about where the bug is in a C++ derived class that regulates access controls which is inserted into a collection that copy constructs members of the base class.

    I offered to take the test for my friend. He said that would be cheating.

     

     

     



  • Sounds like creative dismissal to me.



  • @joelkatz said:

    ... a test that you have to pass to keep your job.

    @joelkatz said:

    ... a chunk of C code ...

    @joelkatz said:

    ... high score is required ...

    @joelkatz said:

    Now, here's the WTF: ...

    I think I worked it out. Lol.

    But seriously, tell your friend to update their CV now. Do it!



  • @EncoreSpod said:

    Sounds like creative dismissal to me.

    Over here, a dismissal resulting from that wouldn't stand up in court. Ever.



  • @joelkatz said:

    The development teams include people who do things like write documentation, design user interfaces, coordinate teams, and even do purely graphic design. They have to take, and pass with a high score, this very same test. Some of them do not even code ... ever.
    Please, please, please tell me that the "development teams" are also defined to include the managers who decide that tests like this will be required.



  • @da Doctah said:

     Please, please, please tell me that the "development teams" are also defined to include the managers who decide that tests like this will be required.

     

     

    Ha - hahahahahaa- ha ha! Ooooh ha ha haaaaaaa!

     

     



  • @Rhywden said:

    @EncoreSpod said:
    Sounds like creative dismissal to me.

    Over here, a dismissal resulting from that wouldn't stand up in court. Ever.

     

     

    Yeah but I've done this shit and known other people who have. They kick you out by their rules, even if their rules are wrong. So you goto court, what are you gonna get? A lump sum, after that shit the atmosphere is fucked, you aren't going to want your job back and they aren't going to want you back. Even if by some magic you did get re-instated you would be held to every tiny little rule until they find a reason to let you go again.

     And then what? You put on your CV "I kicked out but it was wrong and I contested in in court." You might aswell put "I am a troublemaker who will give you nothing but problems."

     

    They factor this into their calculations when they do this, they change the rules, lay off the people they want rid off and most of them will just move on. They will settle the lump sums with the two or three that make a fuss and then its over. They still end up with what they wanted, less people and less wages in the long term.

     

     



  • @EncoreSpod said:

    @Rhywden said:

    @EncoreSpod said:
    Sounds like creative dismissal to me.

    Over here, a dismissal resulting from that wouldn't stand up in court. Ever.

    You put on your CV "I kicked out but it was wrong and I contested in in court." You might aswell put "I am a troublemaker who will give you nothing but problems."

    Can't you just say you were made redundant, the company was "restructuring" so you moved on.

    You have a point though - unless they're screwing with your wage within your employment/notice period, you may as well forget it and move on. That said, the economy in this country isn't entirely bust just yet.



  • @EncoreSpod said:

    @Rhywden said:

    @EncoreSpod said:
    Sounds like creative dismissal to me.

    Over here, a dismissal resulting from that wouldn't stand up in court. Ever.

     

     

    Yeah but I've done this shit and known other people who have. They kick you out by their rules, even if their rules are wrong. So you goto court, what are you gonna get? A lump sum, after that shit the atmosphere is fucked, you aren't going to want your job back and they aren't going to want you back. Even if by some magic you did get re-instated you would be held to every tiny little rule until they find a reason to let you go again.

     And then what? You put on your CV "I kicked out but it was wrong and I contested in in court." You might aswell put "I am a troublemaker who will give you nothing but problems."

     

    They factor this into their calculations when they do this, they change the rules, lay off the people they want rid off and most of them will just move on. They will settle the lump sums with the two or three that make a fuss and then its over. They still end up with what they wanted, less people and less wages in the long term.

     

     

    Why on earth would you put something like that on your CV?


  • @EncoreSpod said:

    You put on your CV "I kicked out but it was wrong and I contested in in court." You might aswell put "I am a troublemaker who will give you nothing but problems."
     

    Dickweedery aside, you'd probably phrase it in a manner that more accurately describes the situation: "my position became untenable due to a change in corporate policy" or "following an organisational restructure, my skillset was no longer required"... given that's more like what happened (according to the OP).

    You don't need to mention the contested bit. Hell, in an interview I would keep quiet about that for purely the reasons mentioned above: I read a study years back that said anger of the prior employer was the biggest aspect towards candidate rejection. I know I pretty much killed someone's chances of working for us when she mentioned she wasn't all that interested in a job $HERE, just more interested in not having a job $THERE[1].

    [1] admittedly, it was already looking pretty shaky up until that point.



  • @Cassidy said:

    Dickweedery aside, you'd probably phrase it in a manner that more accurately describes the situation: "my position became untenable due to a change in corporate policy" or "following an organisational restructure, my skillset was no longer required"... given that's more like what happened (according to the OP).

    Do you people not understand that you write your own resume/CV? You don't put down the reason for leaving a job, you just put down an end-date. If they ask in an interview, then you might want to have a prepared answer, but don't fucking put it on the CV.



  • @blakeyrat said:

    Do you people not understand that you write your own resume/CV? You don't put down the reason for leaving a job, you just put down an end-date. If they ask in an interview, then you might want to have a prepared answer, but don't fucking put it on the CV.

    A thousand times this. Over here it's pretty much illegal for a company to state whether an employee was terminated or they quit. Further, HR will never make any statements in regards to a persons employment like "he was a dick" or even "she was a good worker". Reason why: litigation. It's too expensive to deal with cases arising from an ex-employee suing their previous employer for libel. Never mind if it's true or not; the lawsuit itself is expensive. Pretty much all an HR department can do is confirm that you worked there, the dates of employment and, possibly, how much you made; however that last bit is up for interpretation.

    So for the clue bat to the heads of the mentally challenged amongst us, as blakeyrat said: when writing a resume you can simply omit why you left. Further, when asked about it, you can say whatever you want as no one would dare contradict you.



  • @blakeyrat said:

    If they ask in an interview, then you might want to have a prepared answer, but don't fucking put it on the CV.
     

    That was my point: have a prepared answer.

    ... but re-reading my post, I can see your thinking. My bad on that confusion.

    @NotHere said:

    Over here it's pretty much illegal for a
    company to state whether an employee was terminated or they quit.
    Further, HR will never make any statements in regards to a persons
    employment like "he was a dick" or even "she was a good worker". Reason
    why: litigation.

    Where's "over here" - USA?

    In UK the former employer can be approached for a reference (and the terms of their leaving can be mentioned - there's no reason to conceal this information) but there's some law preventing the reference from jeopardising the application: you can't mention the negatives, only the positives. For that reason, I've known a former boss decline an invitation to provide a reference for a former worker on the grounds that she "couldn't say anything that could possibly impact upon his application". Similarly, I've been somewhat wary of those that don't want to give their former workplace as a reference.



  • @Cassidy said:

    @blakeyrat said:

    If they ask in an interview, then you might want to have a prepared answer, but don't fucking put it on the CV.
     

    That was my point: have a prepared answer.

    ... but re-reading my post, I can see your thinking. My bad on that confusion.

    @NotHere said:

    Over here it's pretty much illegal for a
    company to state whether an employee was terminated or they quit.
    Further, HR will never make any statements in regards to a persons
    employment like "he was a dick" or even "she was a good worker". Reason
    why: litigation.

    Where's "over here" - USA?

    In UK the former employer can be approached for a reference (and the terms of their leaving can be mentioned - there's no reason to conceal this information) but there's some law preventing the reference from jeopardising the application: you can't mention the negatives, only the positives. For that reason, I've known a former boss decline an invitation to provide a reference for a former worker on the grounds that she "couldn't say anything that could possibly impact upon his application". Similarly, I've been somewhat wary of those that don't want to give their former workplace as a reference.

     

     

    I like the hidden negative ones "He does work rarely seen at this at this level"

    'In my opinion, you will be very fortunate to get this person to work for you.' 

    'I am pleased to say that this candidate is a former colleague of mine.' 

     


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.