by red_admiral
3004 days ago
I'm 90% in agreement. Her workplace definitely sounds like somewhere I'd consider working myself (if I were looking for a job). There are some things that I consider basic competence standards, like not storing passwords in plain text in any system you're building. I wouldn't fire an intern for getting that wrong but I also wouldn't let an intern near a production authentication system without some oversight. If someone is a security engineer with a responsibility to know these kinds of things as part of their job role and certification, then if they'd implemented passwords-in-clear to cut corners somewhere, even if it's to meet a really important deadline, I'd be extremely unhappy. Of course I'd establish the general pattern of what had gone wrong first, and if it was a superior being abusive to the security engineer to get the product launched on time I'd still be really unhappy but not at the engineer. Occasionally one does follow the chain of causes back though and finds not the organisation's culture but an individual who really should have known better.