by mschuster91
1743 days ago
> It makes absolutely no sense to impose these constraints upon the field at large. As soon as you deal with customer PII, it does make sense to mandate a) insurance and b) standards. Just how much PII got compromised because of failure to adhere to basic IT security standards? Target got hacked because they put IoT devices on the same network as the cash registers and CC readers. Web shops are hacked every day because of software unpatched for years. Hospitals and other critical infrastructure get hacked on a weekly basis because of even more unbelievable security issues (like, once again, running unpatched software and lacking network segmentation). And don't get me started on the utterly disgusting shit you see in smartphone BSPs. The stuff that vendors do there is just mind boggling - if I were a secret service looking for an exploit, I'd start in the horribly patched-together kernels. Or in IoT devices that are outdated the very moment they leave the factory floor. Yes, we definitely need a lot more mandatory quality control and standards.
> If you have a specific business application that requires additional scrutiny (i.e. nuclear reactor scram control system), then the appropriate domain-specific regulations & certifications should be applied.
Feel free to replace "nuclear reactor scram control system" with "PII" or any other less urgent thing that makes the particular business nervous. There are many problem domains where you literally cannot fuck this stuff up even if you tried.
The stakes for indie game developers are substantially different than those for an F500 insurance company.
We definitely need to get the fuck out of other people's business. If you don't want someone to have your PII, don't share it with them. Regulating everyone on the same axis is pure tyranny when the problem space is so large.