Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It was a configuration change so there were no dangers adding it, so she being a security engineer isn't relevant. The right punishment would be to tell her what channels she can use to send union messages and tell her to just do security related popups in the future. If she continued sending messages like this then fire her, but it is dumb that she got fired over something that would take literally 5 minutes to fix.


Configuration is code. Many an outage has been caused by a bad configuration push.


Configuration which consists of an url and a message to display on said url is not that kind of configuration push.


It's extremely relevant I will reiterate I know literally 0 large companies where this would be tolerated from a security team member.


Google did tolerate exactly the same kind of behavior from the internal OS distribution team before, you could argue that security is even more important there than in a browser plugin.


I am not a Googler but I reiterate I know exactly 0 CSOs that would tolerate this. You providing an example outside of security team kindah reinforces my point.


The internal OS distribution team is a security team. They ensure that the OS everyone at Google works on and run their code on is secure.


They report to CSO ? Would be pretty unusual again not a googler but normally that would not be part of security team


Google has a lot of security teams since they do all of their infra themselves. The people who push security patches to peoples OS's is a security team, and they used that channel to push a message similar to this.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: