undefined | Better HN

0 pointsfreehunter5y ago0 comments

And not just outages, but security incidents. I’ve worked at/with/for many companies as both an employee and a consultant where the top priority wasn’t to have fewer security incidents, but to have fewer security incidents that would require disclosure.

Publicly disclosing an incident to a customer is embarrassing and potentially damaging but almost equally as damaging is telling other teams you had an incident. Now anything that goes wrong is your fault by default because “it’s probably related to that incident” and any new security policies are blamed on the other team: “we wouldn’t have to do that if Ops didn’t mess up last month”.

The answer to “is this service suffering an outage” is seriously complex and hard to determine. The answer to “is this a security incident” is 10x harder and 100x more political because the industry is still just so wildly immature.

0 comments

drchopchop5y ago

Additionally, you're penalized for doing it "right", because you're often competing against companies which rarely say that anything's wrong (ahem, Mailchimp). You look worse, because you're being transparent about service status, which creates the perception that you're generally less stable.

dexterdog5y ago

All of those are reasons that the determination of status should be totally independent of the company technically and legally.

j / k navigate · click thread line to collapse

0 pointsfreehunter5y ago0 comments

0 comments

drchopchop5y ago

dexterdog5y ago

All of those are reasons that the determination of status should be totally independent of the company technically and legally.

j / k navigate · click thread line to collapse