You'd think that financial institutions would have some of the highest standards for information systems, but in reality, for various reasons, their Web sites are often littered with substandard-ness.

There is one huge bank which, besides having subsystem integration problems apparent in their Web interface, has a flaw in their touted security mechanism. I know the researcher who reported it to them, and he even had a meeting with key people there, but I don't believe that they addressed the problem.

And the home-banking setup that the credit union of a certain big-name engineering school uses is downright scary with all its brokenness and klunkiness and kludginess. I called them up over one surprising security flaw, and the technical person I reached was not willing/able to fix it.

There are multiple reasons for some of the brokenness in Web apps of financial institutions. I think a lot of it is difficulty of integration with legacy-technology systems, like mainframes and networks. Another contributor can be that, when your application is so sensitive, there can be a huge barrier to modifying even modules/subsystems that your organization controls and that are using modern technologies. Another is the usual problem of managing large systems (a colleague of mine actually helped design the overall Web experience for one of the huge banks, as an outside consulting firm, and just the interface for everything it had to cover was a major undertaking even for the initial system, before it started evolving). Then you sometimes have long-term MIS employees who have been "retrained" poorly or who are not well-suited to the different kind of work. Then you might have the problem of running Web shops like old mainframe chief-programmer shops. Then you have banks not necessarily hiring the same caliber of software talent as Google, R&D labs, and startups can. (Some Wall Street firms do focus on top software talent, by paying huge salaries+bonuses and/or giving interesting quant work, but your home banking Web app is generally not done by those people.)

Less seriously... Then there is the classic strategic error of hiring a fresh self-assured Young Republican business-degree graduate to do conscientious engineering. :) And also, using Java makes you dumber. :)

I should add that not all bank Web sites are bad, and even some of the ones with bad parts have parts that are done conspicuously well.

--
http://www.neilvandyke.org/
