Bob Young
Before I started my own company I worked as Director of Technical Services for a communications company in the Western U.S.
I lobbied hard for company credit cards for the tech crew that traveled from site to site. Until then, the company made them pay for their own travel, submit expense reports, and get reimbursed after the fact.

Getting approval for the credit card program was HARD. I argued that my small team was people we knew well. They were honest. And they’d still have to submit their expense reports with receipts every week. Accounting could compare the receipts against the charges on the statement and see if they were using the cards for anything they weren’t supposed to.

The President and the Director of Finance both objected. They said, “No matter how much you think you know someone, they can surprise you. Companies that allow credit cards routinely report fraud.”

After a couple of months of dialogue, I got my way. Two credit cards for each tech: a gas card and a Visa card.

Worked fine – for a while.

Then, one day, we discovered a discrepancy, which led to an investigation, which led to uncovering misuse, which led to one of my techs in Montana being fired.

This story is a parable about trusting code in GitHub because “you know the person who maintains the repository from years of interacting on social media.”

#Github #supplyChain #malware #privacy #cybersecurity
Bruno SlingshotVPN · 5w
Always audit the patches. And do keep mirror repos!