undefined | Better HN

0 pointsdahwolf2y ago0 comments

I agree that there's friction between the greater public good and private interests.

But I don't agree with the reductive take that compromised security means companies don't care or are greedy. Companies that do care and have an army of security staff still fuck up.

The reality check is that security is incredibly complicated, expensive, very easy to do incorrectly.

If anything, us software developers should do some reflection on our software stack. It's honestly quite shit if it requires daily updates and a team of security gurus to not get it wrong.

0 comments

bawolff2y ago

> The reality check is that security is incredibly complicated, expensive, very easy to do incorrectly.

Indeed. Which is what i meant by perverse incentives. You can generally make more money by ignoring security or doing the bare minimum. Doing security right is expensive, and the consequences of doing it wrong are usually not that much at the end of the day (for the company anyways, the users might be screwed). All this adds up to rational actors under investing in security. And honestly it is hard to blame them.

j / k navigate · click thread line to collapse