this post was submitted on 22 Mar 2024
134 points (98.6% liked)
Cybersecurity
5677 readers
106 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Lol, I wrote contractor code for DoD. Obviously, DoD wants really good security on their code. One particularly bad project I ended up as a subcontractor on, management kept insisting that what we were coding was a prototype, and we could add in the security in the actual project. And all us coders were like, "No, you're having us write the actual project and the security has to be designed into it from the base up, 'adding it in later' like you won't admit you're planning on doing will leave way too many places for security holes to occur. Let us stop programming this shit and design some actual security and then get back to work." We were told "lol, no, you don't know what you're talking about, this is just a prototype, get back to work."
We had little buttons printed up saying, "Don't worry: this is just the prototype, we'll do the real programming later."
Of course, two years later, the "prototype phase" ends, and management comes to us and says, "Hey, okay, so we've decided that what you've been working on is what we're actually going to ship. You need to go back and make it fit all these really-high-level-security requirements." Which of course would mean going through all this code and essentially redesigning and rewriting over half of it from scratch. Over half the coders were gone in six weeks.
I still have my nifty little button, though.