Hacker News
by siliconc0w 3999 days ago
Still it's a well taken point - if you ask most any company if they want to drop the latest project and work on security instead they'd tell you in polite business terms to fuck off. I've had executives try to argue with me - "But nobody knows the URL!" to justify not allocating even the smallest of resources to fix security problems.

You really need a good security guy who can be the bad guy and stop projects in their tracks when it's clear there are security issues. Because asking the same people who are accountable for shipping to stop the presses to fix even the obvious shit you already know about is a challenge - much less investing resources in 'shoring up' against attacks you don't anticipate.