Reply to post: Re: Who is "we", Kemosabe?

We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why?


Re: Who is "we", Kemosabe?

While what you said is absolutely true, I think he's going for the thought that some companies work on the process that security breaks things and the downtime risk is more important than a security breach to them. The only recourse the security team have is some form of risk to mgmt of gross negligence, and using the number as a cudgel against them to put them individually at risk. That number often can be used as the trigger point of gross negligence to force them to divert resources, delay product release, etc., that they would otherwise jam through, because we haven't gotten hacked yet. Not saying that companies that work that way are right or even sane, but that's the way it often is.
