Reply to post: Fix symptoms, not problems

Security warning deluge from 'npm audit' is driving developers to distraction

Claptrap314 Silver badge

Fix symptoms, not problems

As mentioned, the issue is the sheer number transitive dependencies. (And as a rubyist, I'm looking at YOU, DHH.) The idea that getting code out the door NOW is functionally the most important thing is what is driving this.

But, as I keep harping, in the end, the customer is king.

Someone posted a mention of James Dean's seatbelt. For those who do know know (such as myself, an hour ago), James Dean died in an automobile accident. Investigators determined that if he had been belted in, he would have survived. At the time, however, very few cars even had an option for seat belts. The article goes on to trace the history of seat belt usage, crediting this incident as getting the ball rolling. I was about 18 when the laws were being passed. I contemplated stopping wearing in protest of the blatantly unconstitutional process by which those laws came about.

I'm afraid that the solution is going to involve legislation. Insurance looks like it is going to fail. (The costs are too high, companies will just ignore the risks.) Liability for directors/board members seems the most likely. The situation with Kaseya is a pretty good demonstration of why.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021