Geeze, I thought we just got rid of a SSA computer system that didn't
work and a CFO who was living the good life on our dues. Now a hacked
website that is down for a day (or more)? Web security isn't a new
science. If, as I understand it, we have all our "eggs" on one basket
linked to this web server (recent Soaring mag article) shouldn't web
security and fault tolerance be Priority One?

The people who have done all the web and database development for the
SSA have done an admirable job on a daunting task and have done it as
volunteers. The computer industry is very complex and no one person or
group has best of breed expertise in all areas. Have we now reached
the point where we need to act like a professional organization and
move from our new "home grown" systems to some professional (as in
paid, experienced and, accountable) management and development of
these systems? I question if web security is one of those areas where
the SSA (and it's volunteers) needs to be involved in the design and
management. If we are paying someone to provide all web hosting and
security services, then this 24 hour notice should be our signal to
move on.

Sam