Hacker News new | ask | show | jobs
by dwoosley 4 hours ago
I’ve done a lot of security consulting work for hundreds of companies and one thing I noticed is that the companies that actually took security seriously were the ones that had been breached in the past. Until the execs and board see the dollar impact themself and not just read about it, the security program never gets the funds it needs.

I’m not saying I recommend LastPass for that reason, but I wouldn’t write them off for that reason.
2 comments
gonzalohm 4 hours ago
But LastPass has been breached multiple times by now. I don't think they really care
link
dwoosley 3 hours ago
There are lots of types of a “breach”. The first and second (the major ones) were likely related so more like one continuous incident. This one was a vendor breach that had access to their data so not a reflection of their security program as much as the first.

I’m not saying you’re wrong, I’m saying you can’t tell from this incident.

link
sys_64738 3 hours ago
What happened to the old days of only getting one chance to f-up? Once chance and they should be gone permanently.
link