[brookst]

I don’t see it.

Imagine for a moment the there is no oversight. Every intern can ship prod code with their own homemade crypto.

How do you, in a retail business, agree to accept credentials that anyone can mint for free?

I mean obviously it happened. But… this doesn’t even seem like a compliance mistake. It’s a business-level mistake.

[carlmr]

If you've never worked in a large corporate environment you don't know how stupid things become. In a perfect bureaucracy nobody thinks.

[eks391]

> In a perfect bureaucracy nobody thinks.

This resonates so well and I love it. I'm stealing this

[brookst]

I work at a Fortune 10.

Things get stupid for sure. But I have never once seen “hey let’s do away with access controls for high-COGS services”.

[carlmr]

It's never that explicit, it's more the things that nobody takes care of, because it's nobody's job. The bigger the company, the more jobs fall through the cracks, that should be taken care of, but lack an explicit role in the hierarchy.

There's usually a small handful of people that care more than they should, keeping the company afloat, but it's despite the company's policies, not because of them.