by acdha 2537 days ago
Meanwhile over in .gov I’ve had to explain to a pentester that it wasn’t a security problem that robots.txt was accessible without authentication, based on a very big vendor’s scanner having badly regurgitated the OWASP advice.

The "security" world has an unusually high level of total incompetence. It is scary.
This is common any time there’s so much demand: in the late 90s it was not uncommon to be in a room full of people who were ostensibly web developers and didn’t understand how the web or their backend servers worked but were certain they were about to become rich.

Security is especially bad because so many large organizations are under pressure to improve but the market is tight and the pool of experts is limited. Also, many places have outsourced to large contracting companies who don’t want to admit they don’t have enough qualified staff and will hope that you’ll be satisfied with whoever they deliver.

Yeah no doubt it is a phase.

It's just a really nasty phase right now.

I always think of this:

https://medium.com/@djhoulihan/no-panera-bread-doesnt-take-s...