@ianturton @vincent @calamari The point is that there...

@ianturton @vincent @calamari
The point is that there needs to be some adjusting of the weighing functions.

And in our "capitalist" world, this happens by assigning costs.

As long, there is no direct cost for bugs, even catastrophic ones, companies will ship products with catastrophic bugs just to meet the schedule some marketing egg head invented for artificial reasons.

Like 20 July at 13:31 | Wall-to-wall | Open on mastodon.social

3 comments

Ian Turton

@yacc143 @vincent @calamari but there's every chance that it would end with United owning the wreckage of Crowdstrike which doesn't really help. But as a software engineer I don't see criminalising bugs either as a good thing

20 July at 14:20 | Open on fosstodon.org

Andreas K

@ianturton @vincent @calamari
Ah, but we reached the point where all kinds of security “regulations” (be it from authorities, ISO standards, or insurance companies) lead to situations where actually senior software engineers roll eyes when management explains “necessary measures”, that obviously will lower actual “technical” security just tick obscure items on a list, that make little to absolutely NO sense in the local context.

20 July at 17:46 | Open on mastodon.social

Andreas K

@ianturton @vincent @calamari
So having legal accountibility for these "necessary measurements" and their (often) 3rd party providers sounds like a great idea to stop these idiotic practices, and make the managers and bean counters really do their work, and assess risks, probabilities, and costs for all the options.

And not blindly assume "product X" provides capability Y for so many $Z no need to consider risks what could go wrong.

20 July at 17:49 | Open on mastodon.social

Go Up