undefined | Better HN

0 pointsInvictus07mo ago0 comments

Like I said, the license should be for handling sensitive data. You're free to make doodle jump if you like.

0 comments

I just don't like when comments on things like this don't engage with the downsides. Gatekeeping isn't "free" or strictly better

Invictus0OP7mo ago

The status quo is that anyone can make an application that leaks a million drivers licenses, with no oversight, penalty, or restrictions whatsoever. This is good?

If hairdressers have to take time to learn how to not cut people's ears off, people publishing applications should have to learn basic security practices. I think you will find that no one finds this controversial. And yet, we are moving to a world where AI is making it easier than ever for an army of vibe coders to make apps without knowing the literal first thing about security.

8n4vidtmkvmk7mo ago

I'm thinking about this selfishly. I'd have to go and take a test. But my employer would probably pay for it. Maybe if I wasn't already employed, it'd be on my own dime, but even that isn't too unlike the school I've already paid for. And I'm sure I'd pass the test. As long as I don't have to recertify too frequently, it probably wouldn't be awful. And also selfishly, if it keeps some riffraft out, I wouldn't hate that either.

I guess my biggest concern, with parallels to that time I sold life insurance, is that they test for one thing and then in practice you do a different thing. I hear the same is true for realtors. So.. it becomes an exercise in memorizing some BS that you won't use again after the test. If we do this, the software engineering test would need to be updated at least annually, and better be written by some well respected security researchers.

j / k navigate · click thread line to collapse