by roc 5410 days ago
I was thinking more about the systems for major banks, defense contractors, industry suppliers, etc.

And effective security wasn't meant to imply the best thing you can think of. It would be a huge step forward if more people simply did the things we all know we should be doing: e.g. policies of accounts not having more access than necessary, network security not 100% focused on the firewall, etc.

1 comments

> "It would be a huge step forward if more people simply did the things we all know we should be doing..."

That's what I mean by "effective security".

Although security breaches at banks should fall under such laws (especially since they have personally identifiable information), I do not believe defense contractors, energy concerns, industrial suppliers, etc, should even acknowledge such breaches simply because of national security.

> "That's what I mean by 'effective security'."

That stuff doesn't cost all that much more. It's non-trivial, sure. But it's not going to make a huge impact on the bottom line. A demand for it would end up costing enterprise software suppliers quite a bit in one-time costs to clean up their code-bases and standard install practices.

> "I do not believe defense contractors, energy concerns, industrial suppliers, etc, should even acknowledge such breaches simply because of national security."

Perhaps not to the general public, but certainly they should be required to disclose to their clients.