During the procurement of web applications, substantial security holes became evident (identified through examinations / IT security checks).
The company orders the web applications from different suppliers, who carry out the software development. When the work is commissioned, however, there is no further specification of the IT security requirements; the implicit approach is "it just must be safe".
These facts cause the following problems:
+ The level of IT security is not defined and depends on the
provider.
+ The range of vulnerabilities found by security checks cannot be
regarded as defects, because no specification is available.
+ The repair of vulnerabilities depends on the goodwill of the
providers.
+ If client data is processed on this website, data protection is
not guaranteed.