Programmers are usually fed a steady diet of features and bug fixes. But occasionally they get to work on performance problems. This development methodology is known as intermittent fasting.
@mattiem This is why the security in most systems sucks. Nobody wants to invest or work on it.

@felix_eckhardt @mattiem Well, sometimes the issue is that you're dealing with something that has grown throughout the years and was never meant to be what it is today, and trying to implement security measures has you run into rabbit holes and cascading problems.

Source: this is my exact job description

@renardboy @mattiem Of course there is not only one reason for poor security. I have seen a lot of projects in many different companies and sectors. And they had one thing in common: management is not willing to spend significant money on security unless something went south or regulations required it.

And your case sounds a bit like management is not willing to spend the money needed so you can rewrite what's necessary to have secure software. Ofc I might be completely wrong on this.

@renardboy @mattiem Judging from a distance is hard and there might be other things forcing your company to go on like this. Often enough money is the root cause.

@renardboy @mattiem And when regulations require certain security measures it is often hard to find people who really want to invest their time in the topic. That's ofc not the case for everyone. But I actually heard people say things like "I just want to build features" and I sensed that security is just some obstacle in their work and not part of their work.

That's different on your side? I think that's awesome ❤️