Wednesday, March 5, 2008

HP acquisition of Spydynamics leaves a blurry line

After HP acquired Spydynamics it was pretty clear that HP did not want to interrupt the success and innovation of the Atlanta-based company. Personally, I think acquisition without assimilation can be a great way to grow and diversify an enterprise like HP. However, acquisitions aren't always clean, and more often than not they provide very quick pathways to increasing the risk profiles of both companies.

That risk includes, but isn't limited to, technology, fiscal, procedural and human resources challenges, not to mention the issue driving this post: the risk of a damaged reputation. Now, I would not go so far as to say this will drive shares down, but the blurry line left between the two companies over who owns and delivers the Spydynamics software lineup will affect potential customers. That could have a customer service impact, result in a total loss of the Spydynamics reputation and ultimately hit the bottom line.

And lastly, an example of this risk that you would think someone at Spy would take care to address (that is, if they still have the independence and control to do so) can be seen in the interaction of the two domains, hp.com and spydynamics.com. Visit any download link on spydynamics.com and you may notice that Spy passes the request on to the HP BTO software delivery site. And, if you are a paranoid script blocker like myself, you'll notice that the hand-off between the domains is a cross-site scripting (XSS) exchange. I say exchange because, in reality, cross-site requests happen all over the place and the action itself is not inherently evil. However, that's the issue. The unfortunate reality is that, just like the term "hacker", XSS has very negative connotations. Script blockers like NoScript flag this action as a suspicious request, and that could produce exactly the negative impact discussed above.

Now, this isn't a huge issue, but it's frustrating and obvious to some. I think the work here is unclear and unfinished. If I ran a company touting that we could "implement a security risk assessment at every phase of the application lifecycle", I would certainly start with my own applications. Maybe they don't see this as a risk, but I do. If you can't critique yourself, who can you critique?