Hard of Hardening
> “Presumably Kensington didn’t add authentication because they didn’t expect anything to try to talk to the server other than their own, trusted UI.”
Developer: There's the proof of concept working... [and goes on to demo the functionality]
Product owner: That's great, we'll GM on Friday.
Developer: But there's been no volume testing, compatibility testing, nor security hardening?
Product owner: That's great, we'll GM on Friday.