frankly, as someone who is absolutely not a security expert but who pays attention to security concerns, most security efforts provide very little business benefit.
What was it Steve Yegge said in that legendary platforms rant?
"But I'll argue that Accessibility is actually more important than Security because dialing Accessibility to zero means you have no product at all, whereas dialing Security to zero can still get you a reasonably successful product such as the Playstation Network."
Even if you get bit by a huge data leak, it's just not going to matter that much (from a business perspective) if you already managed to become a big, significant part of the world (like PSN or Equifax - they're still around today, largely unimpacted by their screwups).
If you don't manage to become a big, significant part of the world, security successes or failures just won't matter that much. You don't have a lot of value, because you don't have a huge treasure trove of data, so you're not a primary target for most attackers. You'll sit there being irrelevant, and if there is a breach someday, probably neither you nor any of your handful of customers will actually notice."
Am I content that the world functions this way? No.
But I think it's important to recognize that it does.
What was it Steve Yegge said in that legendary platforms rant?
"But I'll argue that Accessibility is actually more important than Security because dialing Accessibility to zero means you have no product at all, whereas dialing Security to zero can still get you a reasonably successful product such as the Playstation Network."
Even if you get bit by a huge data leak, it's just not going to matter that much (from a business perspective) if you already managed to become a big, significant part of the world (like PSN or Equifax - they're still around today, largely unimpacted by their screwups).
If you don't manage to become a big, significant part of the world, security successes or failures just won't matter that much. You don't have a lot of value, because you don't have a huge treasure trove of data, so you're not a primary target for most attackers. You'll sit there being irrelevant, and if there is a breach someday, probably neither you nor any of your handful of customers will actually notice."
Am I content that the world functions this way? No.
But I think it's important to recognize that it does.