[notyourwork]

I find it a bit sad that a tech literate group is bashing a non-literate group fo people. The entire reason your salary is much larger than many other career paths is because of your ability to deal with technology. The premise that when the less educated and informed try to question something they don't understand only to be left with pandering and jabs is disingenuous. The questions although perhaps better phrased by someone with a more tech focused background are fine questions for a business to ask. Stop being douchebags and grow up.

[krisoft]

> I find it a bit sad that a tech literate group is bashing a non-literate group fo people.

Creating a software bill of materials is a technical task. Managing software security risk is a technical task. These need to be performed by a technically literate person.

A Fortune-500 company has the resources to pay for such technical competence. They are not a mom-and-pop shop.

No Fortune-500 CEO would get their teeth done by a fly-by-night "dentist", nor would they hire "builders" who can't nail two planks together. They would pay for the expertise. If they don't know how to find the expert they would pay for the expertise of finding the expert first and then they would pay for the expertise.

But this is not what they did. They found someone who is both lacking the necessary technical common sense and is terribly arrogant. That is worthy of ridicule. And I'm not ridiculing the individual employee but the whole company.

> The premise that when the less educated and informed try to question something they don't understand only to be left with pandering and jabs is disingenuous.

That idea flies when a student is lost in the woods. When an economic juggernaut combines technical illiteracy with a lack of tack they can get the sharp ends of our tongues.

> The entire reason your salary is much larger than many other career paths is because of your ability to deal with technology.

Won't be for long if we silently support huge companies to employ muppets. Which is why asking for a support contract is the right answer here.

[kahrl]

I find it sad that the security department of a Fortune 500 company is sending out emails demanding OSS maintainers respond within 24 hours or else.

You can feel sorry for the poor sap that was forced to embarrass himself, but it doesn't change the fact that everyone here feels like that company can get bent.

[notyourwork]

Why should the company get bent? Because some executive caught wind of a critical zero day and decided to have their company mitigate damage the same as any other company.

Do you really think the security department in this specific company would not find this email dumb? In many cases, when things are reacted to hastily and in parallel its easy to take one action and generalize it to the whole company and not realize this is one of many actions the company took. No need to get bent out of shape over this and say this entire fortune 500 company is equally incompetent. If you think that you are not living in reality.

[commandlinefan]

I had the same thought - the e-mail really wasn't that unreasonable, coming from the perspective of somebody who didn't realize there was no support contract in place (and maybe didn't even understand how that could happen). Haxx's response seems similarly reasonable - we don't have a support contract, let's get one in place and then move forward from there. This really seems to be an object lesson that if you're depending on somebody for business-critical infrastructure, make sure they have a reason to support your business.

[notyourwork]

I agree, the response was reasonable. My frustration is with this hackernews thread and the constant judgement and snarky attitude we give to less tech literate folks. If everyone understood tech, we wouldn't be paid nearly the salaries we are for what we do.