by iPadDeveloper 5615 days ago
There are lots of programmers out there who do a fine job, they are just clueless about security.

For companies that have programmers that work great, but aren't security experts, it's time to hire security experts.

Suggesting that all the work the programmers did is worthless because they aren't security experts is seeing the world as black and white. It's gray, my friend.

2 comments

There are also lots of programmers who are clueful about security, but work for clueless managers or organizations. I've had many a conversation that went like this:

"Okay I put together this prototype and it's working. I should check it over for SQL injection spots and---"

"StoptalkingnotimeforthatSHIPITNOW!"

> There are lots of programmers out there who do a fine job, they are just clueless about security.

Yeah, there are lots of mechanics out there who do a fine job. They are just clueless about brakes ;)

Stupid analogy aside: If you as a programmer who develops stuff for production are not aware of rules like "NEVER EVER FUCKING TRUST ANY USER INPUT" then you're just wrong for the job.

I don't agree because I work in the industry.

Some are programmers who manage the User Database. They deal with all user accounts data. But they aren't the same guys who are responsible for server security.

I'm talking Enterprise Apps that support tens of thousands of users.

This guy was responsible for everything, being the sole developer.