[tcmart14]

Yup. Security is a lot of time an after-thought and a burden to quiet a few companies since security is something that is not of immediate value. Last spring we had a speaker from northrup-grunman who talked about the need to push for a DevSecOps strategy.

[southerntofu]

> security is something that is not of immediate value

Yeah exactly. It's a huge cost upfront and zero immediate benefits. The investment is worth it to prevent losing value due to a breach, but unfortunately it seems pretty OK for for-profit companies to "loose" data from millions of their customers without facing any sort of consequences.

I'm not exactly saying it should be entirely okay for non-profits, but these generally don't have the resources/budget to ensure any form of security so i don't have the same standards. In my book, a for-profit business leaking user data due to preventable mistakes should be dissolved instantly by law for endangering uselessly their customers.

> we had a speaker from northrup-grunman

Uh. Sorry for you. These military industrial complex people have the best security advice, but they're the worst kind of humans.

[tcmart14]

For the northrup-grunman, his advise made sense, but as vet I agree with you on the characterization.

As for the for-profit companies. For some reason there is not enough value placed on security in the eyes of the public. Sony is still a major player in the gaming industry, even though the massive hack years ago. Not saying Sony should not be in business, but I don't think it made any major impact on their ability to sell consoles. Security compromises don't seem to have nearly the same impact as other kinds of compromises.