Hacker News
by judemelancon 3983 days ago
Ethics are part of competence in my opinion.

Even if you disagree, preventing corporate liability is a component of competence in the law's opinion. That is, if the company is found liable, that's saying the employees responsible did something wrong, even if it's not holding them individually accountable.


IANAL, but from previous fallout on security issues, I'd assume legal liability stops well short of requiring actual competency.

Parent is 100% correct. It's market-adaptation. Same reason Samsung ships known-vulnerable extensions to Android: features >> security.

> So, it's perfectly possible that every engineer and manager who worked on these systems is really quite competent and perfectly aware of the potential for security flaws [...], and still the sum of all the decisions made and market pressures applied caused the resulting product to be so vulnerable despite everyone's best intentions.

I think this is key. Although I'd lump it more on management given that they allocate technical resources. When you have a lack of technical knowledge in management, you lose the ability to make technically informed decisions.

Sometimes the nuances of a situation can't be summed up in a PowerPoint slide. Especially when it's a slide that someone created to summarize a slide deck from an engineer that they saw.

You think at least some of the OPM vulnerabilities were internally unknown? Even with incompetence, you had to have actual engineers who looked at settings and/or lack of feedback and went "Hunh..."