Thursday, May 7, 2009

DebtGoal Responds to Security Breach

I want to clarify, I got this email a few days ago but I haven't been well and haven't posted DebtGoal's reply to my questions due to illness. I requested a more complete reply from DebtGoal about the nature of the problem and how they'd like to respond. I actually received the response on Sunday, and I'm attaching that below.

Here's a response that you can post on the blog. LMK if you think I could be more effective. We really do care about this stuff and work hard to make a great product. We missed something on this one and we learn from it and move on.



Thanks for your ongoing coverage of You've been a great supporter and have given us a lot of valuable feedback that has truly helped us create a better service.

As you pointed out in your recent blog post, we did experience a bug last Friday where we sent out a limited number of monthly progress report emails with inaccurate statement data. We traced the issue to a memory buffer error that failed at high volumes to clear after each email was generated. We have implemented a fix for this bug and resent corrected monthly reports a few hours after the issue was identified.

We apologize for the error, as we know that you and our other users put your trust in us to help you manage your finances. As a result of this issue, we are revising our Quality Assurance practices to better detect these issues through automated validation and live error detection. It's never possible to eliminate all possibility of errors, but the changes we are implementing will lead to much more robust releases.

Above all, I want to communicate that we do take quality and security seriously. We will continue to proactively improve our processes and quality. As we're in Alpha release, some of this QA work is done by our users and we remain very appreciative for the suggestions and feedback that we get on a daily basis and thankful for their understanding when things don't go exactly according to plan. Thanks again for your support and feedback.

Scott Crawford

No comments: