New Rad Studio Coming – Security?

  

On April 21st & 22nd there will be a Webinar that goes over the Highlights of RAD Studio. Embarcadero presenters will discuss, among other things, the following topics: a new installation tool with GetIt technology and the choice of what you want to install; extended support for Bluetooth LE on Windows 10 and a framework for IoT components; FireUI App Preview – Preview your forms on any target device (desktop or mobile).

It looks interesting. I have had many complaints with the installer over the years for taking up too much disk space. I am also working on IoT devices (usually building them) every week now. So I am excited about any improvements in this area.

I also wonder how much of it will have improvements in the security areas that I have concerns with. Granted, most of my concerns deal with the websites more than the product. I suspect I won’t get the information I want in this webinar, but that it will only come through a review of the product.

I started contacting Embarcadero regarding several specific security issues on Aug 30, 2015, right before the Idera purchase. Some of these were addressed: for example, the community toolbar in Rad Studio no longer uses an unencrypted session when you log in. AppAnalytics uses HTTPS instead of HTTP.

But nothing appeared to change on the websites. Then, on March 12th, the Embarcadero website was hacked. After a couple of “I told you so” emails, problems were escalated. I produced a multi-page security report detailing issues with every Embarcadero website. This finally generated some action. I had a very good call with Atanas Popov, the General Manager of Embarcadero’s Developer Tools. We discussed how they can improve security on both the websites and products. I now know they are listening; I am now watching to see if the listening turns to action. I love Delphi. It’s a great tool, I want to see it succeed, and it has had a very positive impact on my career.

Given that, it’s been really difficult to be positive for the past several months, so I have chosen instead to be quiet, but I believe it’s time to be publicly vocal. In my job, I have to deal with security concerns all the time. My employer is constantly under attack. So hardening systems and software is always a concern. So I am required to demand that from the vendors we use. If a vendor fails to take security seriously, it has a huge negative impact on my ability to use that vendor.

So here is to hoping we get some greater transparency and action on security issues.
