by defined
2917 days ago
This. I worked with an end-to-end encrypted communications company for 5 years, and learned a vast amount more about crypto, attack vectors, and security holes than I did in the previous decade or two, but I would never claim to be a security or crypto expert, or even competent at it. In fact, I almost certainly know only a tiny fraction of what the actual experts in that company knew, but a number of people have told me that I know a lot more about it than the average developer. That scares me, and if people flame someone for recommending that a dedicated security expert be hired by companies that handle sensitive data, I can only conclude it is out of ignorance - of what's out there, and what's possible. On the other hand, there are economic realities to consider, especially in early-stage, underfunded startups. What do they do about this?

It's hard to even think about these things for those of us working at low levels, firmware, embedded, etc...
Your comment got me to thinking about what I don't know. Which is a whole lot.