It's a strange disconnect between the quality of the incident response and the extremely basic nature of many of the bugs reported. I mean SECRET_KEY='secret'?! Seriously straightforward stuff.
Why? One depends on development practices, the other on security-team practices. You can have a team of donkeys building a product and the sharpest hackers guarding it. Ideally best practices would trickle down, but that's not a given.
> You can have a team of donkeys building a product and the sharpest hackers guarding it.
You could do but it's a pretty risky way to run a business. Obviously the real world often gets in the way, but a competent manager would look at that org structure and say "shouldn't we move some of those smart ppl on to the build team to catch issues before they're in prod? Seems awfully risky waiting until it's live to catch these bugs which could cause us massive financial harm"
From experience, a lot of talented security people really just don't want to be developers, even if they're good at it. It's not always as simple as shuffling people around between teams.
Why would anyone even use such a predictable word for dev environment? I am baffled by this practice of not following the bare minimum security mindset even when you are just running it in a dev environment
Whilst you are being facetious, deadbolting a bathroom door is really really dangerous.
Bathrooms have a high risk of life threatening accidents and any locks should be bypassable indicators - this is why most have a coin unlock on the outside.
Many countries have regulations requiring bathrooms to be unlockable from the outside without a key, and the external doors to be unlockable from the inside without a key.
Deadbolting a bathroom is also pointless - there is nothing to protect.
Using an effective password for dev environments is sensible; it holds no risk of meaningful loss and can prevent compromise due to a common mistake.
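The point above (use a real secret even in dev, because the cost is nil and it removes a whole class of copy-paste mistakes) can be enforced at process start rather than left to habit. The block below is an added example, not code from the thread or from any project under discussion; it assumes a Django-style `SECRET_KEY` setting read from the environment, an `ENV` variable that marks development machines, and a constructed denylist of placeholder values. Production refuses to boot on a weak or missing key; development swaps a placeholder for a per-process random key so `'secret'` can never be the key that actually signs sessions.

```python
import os
import secrets
import string
from typing import Mapping, Optional, Tuple

# Placeholder values that keep turning up in checked-in settings files.
# Constructed denylist for this example; extend it with whatever your own repos have shipped.
PLACEHOLDER_SECRETS = {"secret", "changeme", "password", "dev", "test", "insecure", "xxx"}
MIN_KEY_LENGTH = 32  # assumption: 32 chars from a 74-symbol alphabet is comfortably beyond brute force
KEY_ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*(-_=+)"


def generate_secret_key(length: int = 50) -> str:
    """Build a fresh key from the OS CSPRNG via `secrets`, never from random.random()."""
    return "".join(secrets.choice(KEY_ALPHABET) for _ in range(length))


def validate_secret_key(value: Optional[str]) -> Tuple[bool, str]:
    """Return (ok, reason). Rejects unset, placeholder, short and low-variety keys."""
    if not value:
        return False, "SECRET_KEY is not set"
    if value.strip().lower() in PLACEHOLDER_SECRETS:
        return False, "SECRET_KEY is a known placeholder"
    if len(value) < MIN_KEY_LENGTH:
        return False, f"SECRET_KEY shorter than {MIN_KEY_LENGTH} characters"
    if len(set(value)) < 8:
        return False, "SECRET_KEY has too little character variety (e.g. 'aaaa...')"
    return True, "ok"


def resolve_secret_key(env: Optional[Mapping[str, str]] = None) -> dict:
    """
    Decide which key this process runs with.

    ENV != "development" (the default): a weak or missing key is fatal.
    ENV == "development": a weak or missing key is replaced with a random one for
    this process only, so a copy-pasted 'secret' never becomes the real key.
    Returns a dict rather than raising so the decision is easy to test and log.
    """
    env = os.environ if env is None else env
    value = env.get("SECRET_KEY")
    ok, reason = validate_secret_key(value)
    if ok:
        return {"ok": True, "key": value, "generated": False, "reason": reason}
    if env.get("ENV", "production") == "development":
        return {"ok": True, "key": generate_secret_key(), "generated": True, "reason": reason}
    return {"ok": False, "key": None, "generated": False, "reason": reason}


def load_secret_key(env: Optional[Mapping[str, str]] = None) -> str:
    """settings.py entry point, e.g.  SECRET_KEY = load_secret_key()"""
    result = resolve_secret_key(env)
    if not result["ok"]:
        raise RuntimeError(f"Refusing to start: {result['reason']}")
    if result["generated"]:
        print(f"warning: {result['reason']}; using a per-process random key (development only)")
    return result["key"]


if __name__ == "__main__":
    # Constructed environments standing in for real shells.
    for sample in ({"SECRET_KEY": "secret"}, {"SECRET_KEY": "secret", "ENV": "development"}):
        print(sample, "->", resolve_secret_key(sample))
```

A per-process random key means signed cookies and sessions are invalidated on every dev restart, which is the intended nudge: put a generated key in a gitignored `.env` once and the fallback never fires. The denylist catches the obvious words; the length and variety checks catch the slightly cleverer `"aaaaaaaa..."` and `"dev-secret"` variants without pretending to measure entropy.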
I guess I should go check if I can unlock my (regular lock) bathroom door from outside!
> Deadbolting a bathroom is also pointless - there is nothing to protect.
Pedantically, many people keep medicines in their bathroom and if you happen to have any recreationally-usable drugs, they'd be one of the first things to go in a lot of robberies. Or, sadly, be taken by your teenager or seemed-to-be-normal friend.
No, but the bathroom does have a lock that can be used from the inside. Not a door that has a window in it and a lock that can be controlled from both sides of the door.