by smarx007 532 days ago
To be fair, I would also be alarmed, albeit not by OTP. "sign an electronic document" and "built with COTs libraries in a single sprint" is essentially begging for a security review. Signatures and their verification are non-trivial, case in point: https://news.ycombinator.com/item?id=42590307

Nobody said you shouldn’t do any due diligence. But 1 sprint vs 2 months of review really smells like ‘processes over people’. ;)
A more positive view would be that the security team may have had different priorities to the product team.
Two months of review after the work would be a lot more useful than before.