undefined | Better HN

0 pointsdataflow18d ago0 comments

> Everyone seems to think they are doing the right thing

I like to think people would agree more on the appropriate method if they saw the risk as large enough.

If you could convince everyone that a nuclear bomb would get dropped on their heads (or a comparably devastating event) if a vulnerability gets in, I highly doubt a company like #2 would still believe they're doing things optimally, for example.

0 comments

KronisLV18d ago

> if they saw the risk as large enough.

If you expose people to the true risks instead of allowing them to be ignorant, the conclusion that they might come to is that they shouldn’t develop software at all.

dataflowOP17d ago

The assumption was obviously that they have a compelling need to develop the software. For the sake of illustration: you imagine exposing them to whatever the highest level of risk is that still makes them wiling to develop software.

emodendroket18d ago

Really? You think the alternate mode where you're running 5-year-old versions of stuff with tons of known security flaws is better?

coldtea18d ago

What part of "We reviewed all relevant CVEs as they came out to make a call on if they apply to us or not and how we mitigate or address them" gave you that impression?

emodendroket17d ago

My experience with how such a strategy typically plays out in reality.

HeatrayEnjoyer18d ago

>running 5-year-old versions of stuff with tons of known security flaws

No one in this thread proposed that, or anything that could be reasonably assumed to have meant that.

j / k navigate · click thread line to collapse