Hacker News
Katherine Archuleta and Donna Seymour aren't writing code or administering online systems. I'm sure their organizations have security policies and standards, why not put the devs and sysadmins in prison if they didn't follow them?

I think that what we're seeing is evidence that humans, in general, are not capable of securely delivering the kinds of online services that they are trying to deliver. It's just too complicated, and while defenses have to be perfect, attacks only have to work occasionally to be worth doing.

Edit: not that we shouldn't expect best efforts, and financial liability for organizational failures. Prison maybe for clear proven negligence or intentional sabotage, but for mistakes? Nobody will write software anymore. When is the last time you wrote even a screenful of code without a mistake?

>why not put the devs and sysadmins in prison if they didn't follow them

So we should start treating them like licensed engineers... Actually I agree with this.

Accountability needs to start at the top. To allow a system where some underling is a liability blind for the top is to set up a system ripe for abuses of power.
No problem. We can have AI do it.

And the side benefit is that we could summarily execute one every once in a while for failing to write secure code.