Comment by creer
13 hours ago
> I thought not trusting clients was already security 101?
Of course it is. Always has been.
The security field is riddled with complete nonsense. Much of it even couched in terms of "best practices". It's the perfect field for people with zero specific knowledge or experience to be trusted with management or engineering - since it doesn't matter until it did matter, at which point a mild non-apology is usually sufficient.
Security field isn't about security, it's about managing liability. "Best Practices" don't need to result in actual security - what matters is that, if you follow them and a security incident happens, you can say you followed the Best Practices and therefore It's Not Your Fault.
You are right. And by now an "it will be fixed next month" seems to be enough. Even when nothing is fixed.