by djsweet 1367 days ago
> > it's the difference between a $200m raise with a bunch of untested API endpoints and a $10m raise with them.

> I'm tired of companies with API endpoints that leak data like a sieve. This is why companies need some skin in the privacy game.

There is a world of difference between “untested” and “insecure” API endpoints. What seems to have been cut in the example isn’t a permissions model, but some form of automated integration testing.

I’ve seen horribly insecure APIs with 100% code coverage, and I’ve personally burned myself on untested API endpoints where the privacy implementation was _too_ restrictive for what my customers were trying to do.

1 comment
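An added example, not from the thread or any of its commenters, that makes djsweet's point concrete: a hypothetical invoice endpoint reaches 100% line coverage under a "happy path plus 404" suite yet lets any authenticated user read any other user's invoice, while the version beside it adds the object-level authorization check and only reaches full coverage once the cross-tenant test exists. The handler names, the in-memory `INVOICES` store and the `(user, invoice_id)` request shape are all constructed for illustration; line coverage is measured with a small `sys.settrace` tracer rather than a coverage tool.

```python
import dis
import sys

# Constructed sample data: invoices belonging to two different customers.
INVOICES = {
    "inv-1": {"owner": "alice", "total": 120.0},
    "inv-2": {"owner": "bob", "total": 75.5},
}


class NotFound(Exception):
    """Would map to HTTP 404."""


class Forbidden(Exception):
    """Would map to HTTP 403."""


def get_invoice_insecure(user, invoice_id):
    """Hypothetical handler: every body line is exercised by the suite below,
    yet any user can read any invoice because ownership is never checked."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise NotFound(invoice_id)
    return {"id": invoice_id, **invoice}


def get_invoice_hardened(user, invoice_id):
    """Same lookup with an object-level authorization check."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise NotFound(invoice_id)
    if invoice["owner"] != user:
        raise Forbidden(f"{user} may not read {invoice_id}")
    return {"id": invoice_id, **invoice}


def line_coverage(func, calls):
    """Run func(*args) for each call, swallowing the handler's own errors, and
    return the fraction of its body statement lines that executed."""
    code = func.__code__
    # Statement lines inside the body; the def line itself is excluded so the
    # result does not depend on whether the interpreter reports it.
    body_lines = {ln for _, ln in dis.findlinestarts(code)
                  if ln is not None and ln > code.co_firstlineno}
    executed = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None
        if event == "line":
            executed.add(frame.f_lineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        for args in calls:
            try:
                func(*args)
            except (NotFound, Forbidden):
                pass
    finally:
        sys.settrace(previous)
    return len(executed & body_lines) / len(body_lines)


def cross_tenant_blocked(handler):
    """The check a coverage number never forces anyone to write: bob asks for
    alice's invoice. True if the handler refuses, False if it leaks the record."""
    try:
        handler("bob", "inv-1")
    except Forbidden:
        return True
    return False


def demonstrate():
    """Coverage figures for both handlers under the usual suite, plus the
    cross-tenant probe that actually distinguishes 'tested' from 'secure'."""
    usual_suite = [("alice", "inv-1"), ("alice", "inv-404")]
    authz_suite = usual_suite + [("bob", "inv-1")]
    return {
        "insecure_coverage": line_coverage(get_invoice_insecure, usual_suite),
        "insecure_blocks_cross_tenant": cross_tenant_blocked(get_invoice_insecure),
        "hardened_coverage_usual": line_coverage(get_invoice_hardened, usual_suite),
        "hardened_coverage_authz": line_coverage(get_invoice_hardened, authz_suite),
        "hardened_blocks_cross_tenant": cross_tenant_blocked(get_invoice_hardened),
    }


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value}")
```

The insecure handler scores 1.0 under the usual suite and still hands bob alice's invoice; the hardened one sits below 1.0 until the suite contains a request that should be refused, which is the test that actually encodes the permissions model.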

Ostensibly based on what I said, yes. But in reality, he was right that untested meant partially insecure. There are real costs to tech debt. But it's hard to argue against a giant raise.