Hacker News
by cdmyrm 481 days ago
Any purported expert who uses software without considering its security is simply negligent. I'm not sure why people are trying to spin this to avoid placing the blame on the negligent programmer(s).
2 comments

And if it is the programmer's fault, what can we do about it? People are trying to avoid finding a solution that isn't throwing their hands up in the air. We either need to solve the problem in a place that is effective with the situation as it is (the tools) or we need to solve the situation such that it has consequences for doing the wrong thing on the part of the developer. Which shall it be?
Since those are only 2 options, and there are many more options, I'll pick option 3: convince people to value and fund universal education more from preschool on, building a better foundation for engineers and other professions in the decades following.

In addition to that, it'd be cool if the blameless postmortems were made public, so everyone could learn from them.

As for the other 2 options of restricting freedom, and extremely blameful postmortems, I reject both.

Yes, being held accountable for your decisions is a restriction on your freedom.
I still choose the third option, because it is the best of the three, compared to restricting what functionality the software people write is allowed to have, and extremely blameful postmortems (which are bad).
All restrictions are bad, and accountability is bad. Got it. I'm glad to have had this discussion with you; very thought provoking.
Again, I still choose the third option, because it is the best of the three, compared to restricting what functionality the software people write is allowed to have, and extremely blameful postmortems (which are bad).

You seem really stuck on the first two options. Why does it matter, given that the third is the best? Do you still insist upon a false dichotomy?

Weak programmers do this to defend this group making crap software. I agree that defaults should be secure and maybe there should be a request limit on an admin, full-access token - but then people will just create another token with full access and use it.