by saurik 1303 days ago
I'm sorry, do you somehow think that is a theoretical concern? I seriously won a $2M bug bounty earlier this year because the CEO of a company wanted to "move fast and break things" their way to a financial product offering :/.

It's alarmist because not all software is a financial product and your original statement lacks necessary qualifiers.
No, some products--like this guy's startup--are providing machine learning services for such devices as cars and drones, an area where safety clearly doesn't matter ;P. I think the issue, FWIW, is that we are actually going to disagree on what those "qualifiers" should be, not merely that they might exist.
Congratulations on becoming a millionaire! That's pretty cool (for you at least, probably not their customers).
The CEO wanted to move fast and break things with respect to security but offered a $2 million bug bounty?
I am not sure how those aren't incompatible thoughts... I was explicitly told, by the CEO, that she was channeling that mindset, and the security engineer there I ended up speaking to was clearly not bothering to actually figure out how to filter change sets made by their engineer as he "felt bad" about it... and I kind of don't blame them, as to the winners go the spoils in some sense? They were super lucky I was the one that found the issue and not a black hat, as $2M was nowhere near how much damage I could have caused. And that's in a financial system, where you might expect someone to know better, and yet they have the same incentives to play fast and loose as everyone else :(.
I think the point here is that the CEO clearly values security, if they were willing to pay you $2m to find issues, isn't it?