This is the kind of thing I think about whenever people say "managers should trust engineers and leave them alone to do their work". https://arstechnica.com/security/2024/09/meta-slapped-with-101-million-fine-for-storing-passwords-in-plaintext/
-
Marco Rogers replied to Marcus "MajorLinux" Summers
@majorlinux @donaldball @galactus and if not, then users better beware! Because we’re definitely not gonna risk losing our jobs to protect them. Yes I get it.
-
@polotek makes sense. Security and safety have a good regulatory fit. But sometimes it just comes down to, “Will this cost the company a bunch of money?”, which is just a management function.
-
@polotek this is a misrepresentation of what I said, I assume for comic effect?
-
@dan I don't think it's funny at all, no. If you'd like to seek clarity, you can feel free to ask questions though.
-
@agocke most leaders don't know how to make business decisions around risk. Their default is to take the risk as long as it feels like a remote possibility today. Then when the bad thing happens, they look around for who should've prevented it from happening.
After you understand that risk is real, you start building it into business plans and making sure it is accounted for.
-
@polotek in the course of this thread you seem to have done a 180 from "we need managers so that engineers don't do a half-assed job and ship code with cleartext password storage" to "managers don't care whether passwords are hashed and engineers should just do that shit anyway". Oh, and then something about being combative instead of looking to understand (can't remember the exact phrasing there).
I could ask for clarity or I could just, I suppose, regret having responded to the initial post
-
@dan Let me give you a tip. Stating your characterization of what you think I'm saying is not the same as asking a question to seek clarity. If you have a question, please just ask it. If it helps, I can assure you that your interpretation of what I'm saying is incorrect and does not contain enough nuance. If you don't have a question and just want to exclaim incredulously, you don't need me for that and it doesn't have to be in my mentions. Thanks.