@yacc143@vincent@calamari but there's every chance that it would end with United owning the wreckage of Crowdstrike which doesn't really help. But as a software engineer I don't see criminalising bugs either as a good thing
@ianturton@vincent@calamari
Ah, but we reached the point where all kinds of security “regulations” (be it from authorities, ISO standards, or insurance companies) lead to situations where actually senior software engineers roll eyes when management explains “necessary measures”, that obviously will lower actual “technical” security just tick obscure items on a list, that make little to absolutely NO sense in the local context.
@ianturton@vincent@calamari
So having legal accountibility for these "necessary measurements" and their (often) 3rd party providers sounds like a great idea to stop these idiotic practices, and make the managers and bean counters really do their work, and assess risks, probabilities, and costs for all the options.
And not blindly assume "product X" provides capability Y for so many $Z no need to consider risks what could go wrong.
@ianturton @vincent @calamari
Ah, but we reached the point where all kinds of security “regulations” (be it from authorities, ISO standards, or insurance companies) lead to situations where actually senior software engineers roll eyes when management explains “necessary measures”, that obviously will lower actual “technical” security just tick obscure items on a list, that make little to absolutely NO sense in the local context.