spinoandraptos / pe


Changing name of species to Excel function leads to missing/corrupted entries in= #7

Open spinoandraptos opened 7 months ago

spinoandraptos commented 7 months ago


This is yet another threat to the data integrity of entries, causing them to lose scientific value should there be attempts to sabotage critical biodiversity data. Such entries should not be allowed by the program.

nus-pe-script commented 7 months ago

Team's Response

This is a good spot, and an issue that is both interesting and unfortunate! It is indeed a potential problem, but as we assume that people with access to WildWatch and the system it resides on are clerks and perhaps other trusted members of the reserve, we do not think that it is very pressing. Any attempt to sabotage the system itself will have to be performed by an insider, and there are other, better ways of doing it, like just using WildWatch to delete or modify entries.

Furthermore, it can be argued that sanitization should separately be handled by Excel rather than us. And indeed they do note when some shady things are going on (e.g. with =cmd|' /C calc'!A1, taken from link):

image.png


It is indeed problematic, but we do not think that this is urgently in scope for us, since there are simpler ways for employees to compromise data integrity with access to the WildWatch system.

P.S. Thanks for letting us learn something new 🦄

Items for the Tester to Verify

:question: Issue response

Team chose [response.NotInScope]

Reason for disagreement: [replace this with your explanation]
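
The thread discusses two places a formula-like species name could be handled: rejected by the program at input, or neutralized when the data reaches a spreadsheet. The Python sketch below shows both checks; it is an added example, not code from WildWatch or from either commenter, and it assumes entries are exported as CSV rows of (species, count). All function names and the sample rows are hypothetical.

```python
import csv
import io

# Leading characters that spreadsheet applications may interpret as the start
# of a formula (the list OWASP gives for CSV injection).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value: str) -> bool:
    """True if a spreadsheet could evaluate this cell instead of displaying it."""
    return value.startswith(FORMULA_TRIGGERS)


def validate_species_name(name: str) -> str:
    """Input-side check: refuse names that would be read as formulas."""
    cleaned = name.strip()
    if not cleaned:
        raise ValueError("species name is empty")
    if is_formula_like(cleaned):
        raise ValueError(f"species name may not start with {cleaned[0]!r}")
    return cleaned


def neutralize_cell(value: str) -> str:
    """Export-side check: a leading apostrophe makes the cell plain text."""
    return "'" + value if is_formula_like(value) else value


def export_entries(entries) -> str:
    """Write (species, count) rows as CSV with every species cell neutralized."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["species", "count"])
    for species, count in entries:
        writer.writerow([neutralize_cell(species), count])
    return buf.getvalue()


# Constructed sample entries; the second uses the payload quoted in the thread.
SAMPLE = [("Panthera tigris", 3), ("=cmd|' /C calc'!A1", 1), ("@SUM(A1:A9)", 2)]

if __name__ == "__main__":
    print(export_entries(SAMPLE))
```

Rejecting at input keeps the stored data unchanged, while the apostrophe prefix alters the exported value, so the export-side check suits data that is already stored.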