by torgard
1803 days ago
A post-mortem should not necessarily blame the individual, but blame the circumstances the individual finds themselves in. Yes, a hard-coded password is bad practice. But does the company have a bad culture of keeping configs in repos? Maybe management thinks it easier to commit configs with sensitive data than to set up proper deployment shit. And after all, the repos are private, so it should be fine, yeah? Bad code ending up in production is something you'll see often. Does the company have nice test suites for everything? Continuous integration pipelines? E2E tests? Or is upper management pushing everyone to their limits, because "fuck it, ship it"?

If management thinks that skipping testing and implementing insecure controls is the way to go, get that in writing.
Collectively, developers need to show a higher degree of professionalism in this regard.
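The comment above names two concrete failure modes without showing them: a credential committed as a literal in a config file, and the absence of any automated gate that would have caught it. The following is an added example, not code from the commenter or from any project discussed here. It embeds a constructed sample config, scans it for secret-looking keys whose values are literals rather than deploy-time placeholders (the kind of check a CI pipeline or pre-commit hook would run), and shows the hardened alternative of reading the credential from the environment. The key names, the `DB_PASSWORD` variable and the placeholder syntax `${NAME}` are assumptions chosen for illustration.

```python
"""Hard-coded secret in a committed config vs. loading it from the environment,
plus a small scanner that flags the hard-coded form. Added example; the sample
config and all names are constructed, not taken from any real repository."""
import os
import re

# Constructed sample of a config file as it might be committed to a repo.
# Line 4 carries a literal password; line 7 uses a deploy-time placeholder.
SAMPLE_CONFIG = """\
[database]
host = db.internal.example
user = app
password = hunter2-not-a-real-secret

[api]
api_key = ${API_KEY}
timeout = 30
"""

# Keys whose values should never be literal in a committed file (assumed list).
SECRET_KEY_RE = re.compile(
    r"^\s*(?P<key>[\w.-]*(password|passwd|secret|api_key|token)[\w.-]*)"
    r"\s*[=:]\s*(?P<value>.+?)\s*$",
    re.IGNORECASE,
)
# Values that are placeholders resolved at deploy time, not real secrets:
# ${NAME}, $NAME, <description>, or an empty value.
PLACEHOLDER_RE = re.compile(r"^\$\{?\w+\}?$|^<[^>]+>$|^$")


def find_hardcoded_secrets(text):
    """Return (line_no, key) for every secret-looking key with a literal value.

    This is the check a CI job or pre-commit hook would run over the files
    being committed; a non-empty result should fail the build.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = SECRET_KEY_RE.match(line)
        if not m:
            continue
        if PLACEHOLDER_RE.match(m.group("value")):
            continue  # placeholder, filled in at deploy time: fine to commit
        findings.append((line_no, m.group("key")))
    return findings


def load_db_password(env=None):
    """Hardened form: the credential comes from the deployment environment.

    Nothing secret lives in the repo, and the service refuses to start rather
    than silently running with an empty or missing credential.
    """
    env = os.environ if env is None else env
    value = env.get("DB_PASSWORD")  # assumed variable name
    if not value:
        raise RuntimeError("DB_PASSWORD is not set; refusing to start without a credential")
    return value


if __name__ == "__main__":
    for line_no, key in find_hardcoded_secrets(SAMPLE_CONFIG):
        print(f"line {line_no}: literal value for secret-looking key {key!r}")
```

Run stand-alone, the scanner reports only the `password` line; the `${API_KEY}` line passes because its value is a placeholder. Wiring `find_hardcoded_secrets` into a pre-commit hook or CI step turns the "private repo, should be fine" assumption into an enforced rule, and `load_db_password` is the shape the application code takes once the literal is gone.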