David Given

Schwarm

LinkedIn Calendar Sync

There is an interesting blog post on the LinkedIn Calendar sync feature introduced with the LinkedIn Mobile App.

This feature created a lot of security concerns when it was first introduced.

I think LinkedIn handled these concerns fairly well for a corporation. I think that the initial concerns around data privacy are extremely interesting. I think we are going to see a lot more of this as more and more development teams work independently on different platforms.

The issue, to me, is not really what went wrong, but why. I think that this type of security risk occurs when a development team works in isolation from the security team–the main LinkedIn site, which manages login, password reset, account information, etc., did not make this mistake. The mobile side did.

I assume that the LinkedIn mobile development team is basically a death march with requirements coming directly from the business with very accelerated timelines–a condition that is perfect for security mistakes to be made. I think that this mistake is a perfect example of the kinds of mistakes we are going to see become more and more problematic in the coming months.

I am not yet sure how to solve this issue.
