We've found that doing proper application security with Power BI stuff is hard:

(a) "Everyone wants to use it", so lots of activity
(a2) Corollary: proper software development techniques have to be instituted for a large group, etc.
(b) Microsoft does not supply elementary diagnostic tools like request-response logs
(c) The ecosystem does not seem to do much validation (or at least documented as such) on visualizers
(d) The "SaaS" nature blackboxes a lot of the functions
(e) Some aspects, like returning all of the Undo history to Microsoft's engines as part of the upload, are dubious, etc.
(f) Microsoft says effectively, "by all means, pentest, but we won't help you understand the result because we won't document our appliances for you." This is the opposite of the Open By Default principles we are supposed to work with and annoying/hard to work with to boot. (This is a generalization of b, I guess.)

Anyone have any good ideas on the software/application security front here?