科技回声

A tech news platform built on Next.js, providing global tech news and discussion content.
© 2025 科技回声. All rights reserved.

Security Program Is Shit

76 points, by ig0r0, over 1 year ago

8 comments

justin_oaks, over 1 year ago

I've been the employee who describes what needs to be done to improve security, only to be ignored. And then some rando off the internet makes note of the security shortcoming in the product and suddenly the boss is going crazy. He says stuff like "Why didn't anyone tell me about this?!" And fixing the issue needs to be done yesterday. No, no time to fix it properly, let's slap together whatever we can and rush it out.

So glad I quit that job.
rsync, over 1 year ago

This reminds me of something we wrote a few years ago about PCI compliance:

https://rsync.net/resources/regulatory/pci.html
datadrivenangel, over 1 year ago

The misaligned incentives for security are the core issue, so stronger regulation is needed. Breach happens? The entire executive team ought to get most of their remuneration clawed back.
mmvasq, over 1 year ago

No one disagrees. Consider project management, for example, which has had many failed projects, has evolved, and is still incredibly imperfect. Health care services have had many flaws, continue to evolve, and are still incredibly imperfect. Marketing has had many flaws, has advanced, and is imperfect. Pick one or two problems and advance them. Try not to kill people in the process, which is all too common in tech.
MattPalmer1086, over 1 year ago

This may not be a popular opinion, but this honestly comes across to me as a sad rant that has nothing worthwhile to say about security.

Consultants get paid to come in and advise, and internal staff are ignored? Suck it up, it's not a problem particular to security. I've seen it everywhere.

People don't choose hospitals because of their security program? Well, duh. They don't choose hospitals for all kinds of non-medical reasons that are still vital for the damn thing to function. Get back to me when you're in surgery and the whole hospital goes down in a ransomware attack.

Honestly, if I had to listen to this person on my team for more than 10 seconds, I'd be on the phone to Deloitte before you could blink.
thatfunkymunki, over 1 year ago

Yeah, it's basically true.
toomuchtodo, over 1 year ago

Shouting truth into the abyss. Great read. My CISO chuckled.
blakesterz, over 1 year ago

I think the "Your" got dropped from this. Should read:

Your Security Program Is Shit