[Buttons840]

> This is exactly the right way to build this because none of those "terrible sins" matter when you have no customers and your only goal is to get something working as fast as possible and every second spent making things nice is a waste of time and money because if the business fails then every second spent making things nice was wasted.

There's a lot of truth to this, but I would also like to see companies, and possible even individuals in the most negligent cases, be held liable for damages that come to customers when security breaches happen.

We wouldn't build a bridge with that attitude: "Just scribble whatever on those plans! We need to get this thing built right now! None of this matters if the bridge doesn't exist and people aren't drive across it!" For the same reasons we wouldn't do this with a bridge, we shouldn't do this with software, although to a lesser extent.

[bojan]

You would build a pontoon bridge with that attitude - that's a floating type of a temporary bridge that gets built when it's very important to quickly be able to cross a body of water.

[andrewstuart]

>> when security breaches happen

Again, that must be defined as context and priority.

Priorities:

* deliver as fast as possible

* security matters

These two priorities are somewhat in conflict but it's still important to state them, then developers know where to focus.