underbid, screw everything up, and then sue.
Thursday, January 21st, 2010
The web page above, which has its delicate bits blurred out, was left unprotected by a contractor from Texas who underbid everyone else and got work from Minnesota’s DHS.
Here is the MPR story, where you can find out the name of the contractor who is now suing everyone over the issue.
I’ll just refer to them as “Sookout Lervices”.
I appreciate that MPR found this out, but Sookout Lervices doesn’t, as they seem to be building a criminal case against MPR.
After this incompetence was discovered, Minnesota agencies were instructed not to work with them. So, Sookout Lervices is suing our state as well.
Seems like a scary company to work for. It has lawsuits open against several former employees, including one of their own developers. That is, a customer complained and Sookout Lervices hired an outside party to look at their own developer’s code and then sued the developer for fraud. This tells me they have too little hands-on involvement with their own projects. That is, get a contract, throw a developer at it, and collect the money without investing in:
- Senior level developers
- “Hands-on” Project Managers
- Code reviews
- training
- Testing
An interesting question is if the MPR reporter who found the breach can get punished. From what I understand, she didn’t just follow a link and find the data in the open, she messed with request parameters in the URL to get to unprotected data. So, what is the line between changing the URL to navigate around a site, which I do on a regular basis, and committing a crime?
There must be a precedent for this. What I need is a big “computer crimes” chart of actual cases where the technical details of the incident, the charges brought, the evidence offered, and the sentence are laid out.