As a security team leader, how do you view the Alibaba mooncake incident?

Four programmers on the Alibaba security team exploited a flaw in the internal flash-sale (seckill) application by writing a JS script to grab mooncakes, and were ultimately fired. The rest belong to Alibaba Cloud, and how they will be handled is still under discussion.

In fact, many people are puzzled by this incident. It was just a small flash-sale program on the internal network; someone wrote a script that grabbed a few extra boxes of mooncakes, and didn't grab any eggs. Had it not been reported to HR, how would anyone have been fired? So, as a security team leader, how do you see this? To find out, a Leiphone (Lei Feng Network; search for the "Lei Feng Network" official account) editor chatted with several security team leaders to hear their views.

Yang Qing, head of the 360 Radio and Hardware Laboratory:

If this had happened at our company, it would be the person who wrote the platform.


Based on my work experience in 360's Information Security Department: if a mooncake-style incident occurred here, the security staff who found the vulnerability (after all, we have too many "hackers") would have to report it promptly to the Information Security Department, and we would urge the R&D staff of the business system with the vulnerability to fix it.


In addition, the company's R&D partners have long been accustomed to being "abused" by our stringent security standards. That sense of security lets everyone respond quickly and cooperate with us to fix vulnerabilities. There would certainly be no one let go. 360 is a company built on a security culture. I remember that once, during a holiday, we discovered a vulnerability in the company's gift-selection platform; while testing it, our security staff picked over the limit and flooded in a large wave of gifts, messing up the database, and in the end it was our company's administrative girls who very patiently called the employees one by one to verify the gifts they had selected. They didn't blame the security engineers at all (¬‿¬).

Zhang Zuyou, head of the Knownsec Seebug vulnerability platform:

It is normal for technical people to write scripts in place of manual work; otherwise, why would there be all kinds of software? As for the script getting out of control and grabbing so much, that is a flaw in the flash-sale (seckill) application; it is normal that the person who wrote the script did not expect it.


As for firing the people involved, I think raising it to the level of values is unacceptable; this I can't understand, ha. They were a bit quick to fire people.


In any case, I feel that technology itself is not guilty. It just happened that the flash-sale program had vulnerabilities, and that created a series of problems. Besides, if the people involved were only looking to grab a box of mooncakes, I don't see any problem with grabbing via script; it's not malicious scalping. However, if a company has rules, if it has a bottom line, then there is nothing more to say. That can be understood.

Lin Wei, head of the 360 Network Attack and Defense Laboratory:

A few personal opinions on the Alibaba mooncake incident: this matter could have been a good thing.


1. Use the mooncakes as a reward to encourage security researchers to find issues.
2. Criticize the business department for not going through a testing process, and have it bear the main responsibility.
3. The security testing department should propose an improvement plan, so that issues are not left unreported and undiscoverable.
4. If it has already been reported that the security personnel did this, then pretend I didn't say anything...
5. Over-protecting the business department loses hearts and minds; Alibaba's security personnel will all fear for themselves, and the team will be hard to lead... The above, savor it yourselves...
6. For the four guys: don't take it too hard; better to change to a different leader.


It is you who fire the boss, not the boss who fires you. There are plenty of teams waiting to snap you up. Company culture is very important. A good leader is very important.

Of course, there are also those who side with Alibaba:

VP of a well-known listed company, a senior security figure:

This is a special case, because the information security industry, or the job itself, is a role of auditing, protection and supervision. This kind of behavior actually breaks the trust relationship. The ancient Greeks said: the greater the ability, the greater the responsibility. People working in information security should be self-disciplined.


Although no payment was made in the end, the "crime" not being completed does not mean that no responsibility is required.

A big company has all kinds of people in it, so it is understandable that it has rules. However, elevating grabbing mooncakes (writing a script that tested out a vulnerability) to a matter of values is a bit chilling for technical people.

But what filling do these mooncakes have; are they really that delicious? Friends who have eaten them, leave a comment, and let's talk about values.
