Comment on The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites

douglasg14b@lemmy.world 2 days ago

I’m not sure if this is just a rhetorical question or a real one.

Because I didn’t claim it isn’t negligence. It is negligent; however, it is not a problem solvable by just pointing fingers. It’s a problem that is solvable through stricter regulation and compliance.

Cyber security is almost exactly the same as safety in other industries. It takes the same mindset, it manifests in the same ways under the same conditions, it tends to only be resolved and enforced through regulations, etc.

And we all know that safety is not something solvable by pointing fingers and saying “Well, Joe Schmo shouldn’t have had his hand in there then.” You develop processes to avoid predictable outcomes.

That’s the key phrase here: predictable outcomes. These are predictable situations with predictable consequences.


These are abstract problems that affect “someone else”. This is the standard state of mind that most development teams and companies have when it comes to security.

By default, everything you produce is going to be insecure unless you have professionals there to get in your way and ensure you are meeting compliance.

By default, most companies, and especially startups, are going to write insecure software. Because the consequences don’t really matter at this point; all that matters is shipping the product and getting it to market for growth opportunity. And gambling on the BET that there won’t be any security breaches.
