Club data security concerns (from elsewhere)

I've tried asking this question elsewhere and got roundly dissed and blown off by OM, so I'm escalating this for visibility. He's not willing to provide an answer, so I'm hopeful that someone will deal squarely with me and answer my questions.

Quote Originally Posted by Omega Man

v6, their current version, is what we want, not 5. 5 was launched in 2013 and got sunsetted last month.

Furthermore, please don't dismiss me; it's insulting and unprofessional. I will keep bringing it up because I'm not getting responses to my question other than "we'll get right on that", delivered with sarcasm by Henzilla when I asked about updates, or the dismissive response you just served up. If you're not willing to respond to the club's questions, maybe being part of club leadership isn't for you. You, as part of leadership, are answerable to the membership and it's expected that you'll deal honestly with member questions and comments. This post doesn't meet that standard of respect and obligation to the membership in my opinion. As I was often reminded while serving the club, "officers work for the members, not the other way around".

I started by wondering why we don't have a like button, but some investigation reveals that we're not on the most secure version of our forum software. It's almost 7 years since the v4.2.5 version was discontinued by vB. For those not following along, that means that we probably haven't had a security patch since then, at the latest. Would you trust your bank to be sitting on security they put in place back then?

I'm a club member and an IT professional. IT security means keeping software up to date, and applying all patches should be our standard process. We're on a version that was EOL'd in 2017. Is that good IT hygiene? No. It isn't. Is there a two factor authentication option to protect my credentials and prevent them from being poached? No, there's not. Do we have Okta integration like other forums I'm on? No we don't.

If there were a breach, these gaps will be what torpedoes us and exposes us to highly avoidable lawsuits. We have not done due diligence to protect member data, as far as I can see, so we will be found liable in any legal action resulting from a data breach or loss. I hope I'm wrong, but I believe that I'm not, having seen our situation play out for the worse with some of my clients. When you wind up in court and the plaintiff points out that the organization is using a software product that's ten years old and has known security gaps, we will be held responsible for the members' loss of privacy. It's not going to be cheap when plaintiffs prove that we knew we were using outdated software and didn't remediate an obvious threat vector.

My biggest concern is that 4.x is vulnerable to code injection, which means that folks can gain direct access to the data tables on vB, among other items, including user credentialing and PII. I've supported other SQL based web enabled products that have been subject to this potential exploit, but not in almost ten years because everyone has shut the door on that type of hack. Do we want to get ransomwared? Because that's how we get ransomwared. Do we want to expose our membership to identity theft? Because that's how we do that, too.

I work for a company that responds to data breaches, and you don't want to expose this organization to even the tactical cost of remediating this kind of event, much less the litigation exposure. Every document or file potentially exposed is typically analyzed for PII manually, by a room full of lawyers, and those who've had their PII exposed get a notice that this has happened. Is that financial and reputational risk something we should be exposing this organization to?

Do we have the money to buy every member a year's subscription to LifeLock once their data is breached? I expect that we don't have the financial wherewithal to do that if we have a breach, and it could destroy the club if we're not insured for such an occurrence. Civil litigation from data breaches is a real thing. I work in that sphere where IT and the law intersect.

So. Can I please get a responsive and informative answer to my question? I'm not violating any forum rules and have been unfailingly polite. I expect an answer in kind.

Here it is again: Why haven't we updated our forum software?

Feel free to escalate to one of the admins, presuming you're a mod, or someone on the BoD, if appropriate, and I'm happy to have a conversation via PMs if that's helpful. As a paying member, I believe I have a right to a full and accurate answer to my question.

We have a fiduciary responsibility to proactively protect the data our members entrust us with. I think that as part of that trust obligation, it's fair to ask questions about how we handle, manage and protect member data. Not getting a response feels like you're not responding in good faith to a straightforward and important question.

I'll keep asking about this until we're provided a coherent, clear answer to why we're so far behind on updates. I apologize if that feels antagonistic, but blowing me off really pisses me off when I ask an honest, good faith question. I should, at minimum, be able to expect a response in kind. I've sat in the Big Seat and it was my duty and obligation to respond in good faith to questions from the membership.

Thanks.

Dave

Dave Swider

teamkbasa@comcast.net
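The post's central technical point is that an unpatched forum on an old code base can expose the user table to SQL injection. The following is an added illustration, not the poster's code and not vBulletin's code: it builds a constructed two-row user table in an in-memory SQLite database (the table and column names are assumptions for the example) and contrasts a login query that splices user input into the SQL text with one that binds the same input as parameters. The point for a defender is the second function: bound parameters are the fix that "shuts the door" the post refers to, and the demo shows the same input being treated as data rather than as SQL.

```python
import sqlite3

# Constructed sample data: a tiny stand-in for a forum's user table.
# Not vBulletin's schema; names and values are assumptions for the example.
# Passwords are stored in clear text only to keep the demo short; a real
# system stores a salted hash and compares against that.
SAMPLE_USERS = [
    ("dave", "correct-horse"),
    ("omega_man", "battery-staple"),
]


def make_db():
    """Create an in-memory database holding the constructed user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable pattern: user input is concatenated into the SQL text,
    so quote characters in the input change the structure of the query."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Hardened pattern: the query text is fixed and the input travels as
    bound parameters, so the database never parses it as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def demo():
    """Run both login functions against a normal credential pair and against
    the classic tautology test string, and return what each one accepts."""
    conn = make_db()
    injected = "' OR '1'='1"  # standard test input used in code review and scanning
    return {
        # Correct credentials succeed in both implementations.
        "vuln_normal": login_vulnerable(conn, "dave", "correct-horse"),
        "param_normal": login_parameterized(conn, "dave", "correct-horse"),
        # Unknown user plus the tautology: the concatenated query's WHERE
        # clause becomes always-true and returns the first row; the
        # parameterized query compares the literal string and finds nothing.
        "vuln_injected": login_vulnerable(conn, "nobody", injected),
        "param_injected": login_parameterized(conn, "nobody", injected),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15s} -> {result!r}")
```

The same contrast applies to any SQL-backed web application: when auditing a code base, every place that builds a query with string formatting or concatenation from request data is a finding, and the remediation is the bound-parameter form regardless of database driver.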
