by neoburkian 2505 days ago
Because that's fundamentally not the problem. At every company I've worked at, the senior engineers could tell you exactly how they were skimping on security, why it's bad, and how to fix it.

The problem isn't lack of knowledge or skill, it is that management refuses to commit the resources necessary to build secure products. When the difference between building secure X and not-secure X is often 2-3 times the effort and time commitment, managers will almost always pick not-secure X and roll the dice on nothing going wrong.

From their point of view, adding security does nothing for the product. The customers are paying for the value-prop and marginal improvements on it, not the integrity of the backend.

If you want to solve the problem of lax security, you need to make security breaches a business-ending proposition. You also need to increase the likelihood of being compromised so that people aren't tempted to roll the dice. If you want regulation, I would support some kind of white hat law that says if you compromise sensitive company data, the corporation has to (1) pay an amazon-bankrupting amount of money and (2) they have to give 20% of it to the team that broke them.


> pay an amazon-bankrupting amount of money

I'd love to see this even though I know it won't happen but I want to go through a mental exercise:

(Off-topic but) where does this money go to? I think about things like traffic tickets or any other fee or fine and I can't think of anything that's any good. If it goes to anything that taxes would go toward, it will cause pressure to decrease taxes and make our governments dependent on this income.

Is there any good answer to this? Prison for the CEO and the board seems much easier in comparison.

I can see that if the intent was malicious. (Like executives made a trade-off that it was totally fine to lose insurance money to pay out in case of a breach, vs hire a security team).

But if it is the more normal circumstance (some vulnerability in the 30 libraries you use led to the breach), there should absolutely be a monetary punishment, but jail time seems too much.