undefined | Better HN

0 pointssaurik3y ago0 comments

I am not sure how those aren't incompatible thoughts... I was explicitly told, by the CEO, that she was channeling that mindset, and the security engineer there I ended up speaking to was clearly not bothering to actually figure out how to filter change sets made by their engineer as he "felt bad" about it... and I kind of don't blame them, as to the winners go the spoils in some sense? They were super lucky I was the one that found the issue and not a black hat, as $2M was nowhere near how much damage I could have caused. And that's in a financial system, where you might expect someone to know better, and yet they have the same incentives to play fast and loose as everyone else :(.

0 comments

andsoitis3y ago

I think the point here is that the CEO clearly values security, if they were willing to pay you $2m do find issues, isn't it?

j / k navigate · click thread line to collapse

0 pointssaurik3y ago0 comments

0 comments

andsoitis3y ago

I think the point here is that the CEO clearly values security, if they were willing to pay you $2m do find issues, isn't it?

j / k navigate · click thread line to collapse