
Giving devs the green light to go crazy is also a recipe for disaster. Devs don't necessarily understand everything going on within an organization or even have a grasp on the security controls in place. In the last six months, I have experienced devs publishing secrets to open buckets, using insecure algorithms for creating customer and session IDs, going to production with vulnerable 3rd-party code, attempting to bypass a WAF, attempting to bypass penetration testing, and the list goes on. All of these things were done by developers with at least 4 years of "experience". Saying NO is sometimes the best way to save your business and brand from ending up on Krebs as the latest breach.



Agreed. It's definitely a two-sided coin.

Not saying that devs shouldn't be allowed to experiment, but a lot of times they need supervision.


By all means, check everything I boot up in AWS, but don’t prevent me from doing so in the first place.

My current company does this and it’s great. If I do something bad it gets destroyed in 30 minutes unless I fix it (we get notifications).
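The guardrail this commenter describes (flag an exposed resource, notify the owner, and destroy it if it is still exposed 30 minutes later), shown for the open-bucket case raised earlier in the thread. This is an added example, not code from any commenter or company; the bucket records, names and timestamps are constructed, and the exposure check is a simplified reading of S3 ACL grants, bucket-policy principals and Block Public Access settings.

```python
"""Added example: one guardrail pass over constructed S3 bucket records,
applying notify-first, destroy-after-30-minutes. Not any commenter's code."""
from datetime import datetime, timedelta, timezone

GRACE = timedelta(minutes=30)  # fix window the commenter describes
PUBLIC_GROUPS = ("http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers")


def is_public(bucket: dict) -> bool:
    """True if an ACL grant to a global group or an unconditional
    Principal '*' Allow statement exposes the bucket and the account's
    Block Public Access settings do not neutralise that path."""
    pab = bucket.get("public_access_block", {})
    acl_public = (not pab.get("IgnorePublicAcls")
                  and any(g in PUBLIC_GROUPS for g in bucket.get("acl_grants", [])))
    policy_public = not pab.get("RestrictPublicBuckets") and any(
        s.get("Effect") == "Allow" and "Condition" not in s
        and s.get("Principal") in ("*", {"AWS": "*"})
        for s in bucket.get("policy_statements", []))
    return acl_public or policy_public


def evaluate(bucket: dict, now: datetime) -> str:
    """One pass: returns 'ok', 'notify' or 'destroy' and keeps the
    first_flagged timestamp on the record so the grace clock persists."""
    if not is_public(bucket):
        bucket["first_flagged"] = None   # developer fixed it: reset the clock
        return "ok"
    flagged = bucket.get("first_flagged")
    if flagged is None:
        bucket["first_flagged"] = now    # first sighting: warn, start the clock
        return "notify"
    return "destroy" if now - flagged >= GRACE else "notify"


def run_demo() -> dict:
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock
    buckets = [  # constructed inventory records
        {"name": "app-logs", "acl_grants": ["id=owner"], "policy_statements": []},
        {"name": "export-dump", "acl_grants": [PUBLIC_GROUPS[0]],
         "first_flagged": now - timedelta(minutes=45)},
        {"name": "scratch", "policy_statements": [
            {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"}]},
        {"name": "blocked", "acl_grants": [PUBLIC_GROUPS[0]],
         "public_access_block": {"IgnorePublicAcls": True}},
    ]
    return {b["name"]: evaluate(b, now) for b in buckets}
```

Running `run_demo()` yields `ok` for the private bucket, `notify` for the newly exposed one, `destroy` for the bucket flagged 45 minutes earlier, and `ok` for the one whose public ACL is neutralised by IgnorePublicAcls.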




