
Comment by pishpash

6 days ago

You don't know what you don't know. How was a non-technical glorified PM supposed to know to ask for these things in the first place? Such technical practices developed over time in the history of software engineering, as problems arose.

This is the main problem with AI and vibe coding right now: it does what you ask (and sometimes does related things in the line of that ask).

It doesn't look at the big picture of multiple entries into the software. For example, he had one vulnerability which required a hop through email, which would create an entry in a table that ended up elevating permissions temporarily.

Hopefully platforms like Replit, Firebase Studio, et al. one day just include a security audit agent.

Everyone knows that hackers exist and exploit security lapses. Everyone. You might not know the details and such, but you should be responsible enough to at least ask if you are taking people's money. I just don't think the ignorance card is plausible here.