I come from a security background (6 years in a security firm), and I have seen some pretty paranoid practices. I do not wish that to be prevalent. One thing which I really did appreciate in that firm, and find very valuable, was putting every developer and product person on a security awareness and secure coding course, where basics are taught, but also an attempt is made to push a security-first mindset.
I am now in a consumer-oriented company, and while I appreciate the much more relaxed environment, I am often shocked at how no attention or thought is paid to security. It baffles me that management, at the very least, has little care for this stuff.
I am now in a consumer-oriented company, and while I appreciate the much more relaxed environment, I am often shocked at how no attention or thought is paid to security. It baffles me that management, at the very least, has little care for this stuff.
This is an industry-wide problem.