undefined | Better HN

0 pointskrainboltgreene1y ago0 comments

Given the nature of software development and software developers, especially given American companies decide to value shareholder profits over programmer productivity, this might as well be effectively "You don't need to get vaccines, simply don't get sick from other people."

0 comments

wyldberry1y ago

Things like this are suppose to be provenance of an organizations security engineering teams. Helping to ensure you don't ship something like this. It's also hard for them too because no one wants to force developers to re-implement already solved functionality.

krainboltgreeneOP1y ago

I also have never met a security engineer that was eager to do that.

finnthehuman1y ago

> never met a security engineer that was eager to do that

Of course not. We do the fun parts, and write tickets to make the dev team do the boring parts that we will later complain are not implemented to the quality standard we would have reached, had we done the work. That's the deal.

wyldberry1y ago

Late to reply, but yeah no one is eager to do it. Unfortunately being good at security means being really good at work that is boring, tedious, and not glamorous, which also measures poorly into OKRs and other facets of shipping culture. Unless the team has really strong leadership that can get the security engineer ladders divested from the SWE/SRE ladders.

I literally just finished up writing up something that does supply chain provenance checking across 9 languages and still have a lot of edge cases to handle. It's not fun, but it's honest work.

nightpool1y ago

Out of curiosity, I've always meant to ask, are you related to the famous Geoguesser content creator in any way? It's a pretty distinctive last name.

krainboltgreeneOP1y ago

I believe he might be a distant cousin. I've done some family tree searching myself and haven't found many things, since the Rainbolt side has mostly been scoundrels and vagabonds there aren't many details, but we do have a mountain that we named after ourselves after we stole it from natives.

j / k navigate · click thread line to collapse

0 comments

wyldberry1y ago

krainboltgreeneOP1y ago

I also have never met a security engineer that was eager to do that.

finnthehuman1y ago

> never met a security engineer that was eager to do that

wyldberry1y ago

I literally just finished up writing up something that does supply chain provenance checking across 9 languages and still have a lot of edge cases to handle. It's not fun, but it's honest work.

nightpool1y ago

Out of curiosity, I've always meant to ask, are you related to the famous Geoguesser content creator in any way? It's a pretty distinctive last name.

krainboltgreeneOP1y ago

j / k navigate · click thread line to collapse