Comment by Avicebron

12 hours ago

We could also throw the CEOs of companies who don't properly secure their infrastructure and pay their security engineers enough in jail. A little justice on both ends.

Uh, who determines that the infrastructure wasn't properly secured? Who is willing to risk prison because some intern accidentally committed an API key or made a dumb mistake? Conversely, what are the chances that no one actually gets prosecuted regardless of how sloppy their security practices are?

  • > who determines that the infrastructure wasn't properly secured

    An investigative body, the same kind that determines the who, the why, and the how when an airliner crashes or a bridge collapses. Obviously a lot of work needs to be done to get from point A to point B, and it won't happen overnight, but software development is currently a deeply unserious profession and at some point a genuine software engineering practice needs to be developed.

    I am, perhaps naively, slightly hopeful that the LLM bullshit plaguing our industry will be the gust of wind needed for the house of cards to collapse and governments to realise that allowing the entire world to be vibe coded is not sustainable.

    • Pretty famously, aviation incident investigations are almost always not done with prosecutorial intent, and more about truth finding. It leads to people involved being cooperative to prevent future problems instead of ass covering to prevent jail.

      Aviation’s safety record is not coincidental.


    • > An investigative body

      This just in: Anthropic, Harvard and Jimmy Kimmel have been investigated and found guilty of not securing their infrastructure.

  • When a great product is built it was the leadership and when a mistake was made it was always the employee that did it. Cool!

  • Ideally the chances are high to certain that they get prosecuted for sloppy security practices. It's part of the gig of being a CEO: if you imagine you are such a visionary/ideas guy/leader/whatever, a risk taker (always a risk taker), then you can gamble on spending 20 to life because you weren't actually as good as you thought.

  • > Uh, who determines that the infrastructure wasn't properly secured?

    ShinyHackers, obviously.