• AwesomeLowlander@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    5
    ·
    4 months ago

    30 engineers is startup-sized. 30 engineers to deal with the needs of a sensitive software being used by millions worldwide, and is a huge target for cyberattacks? That’s way below the threshold needed.

    • dandi8@fedia.io
      link
      fedilink
      arrow-up
      3
      arrow-down
      2
      ·
      4 months ago

      This sounds like the devs are personally, sword and shield in hand, defending the application from attacks, instead of just writing software which adheres to modern security practices, listening to the Security Officer and occasionally doing an audit.

      • AwesomeLowlander@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        4 months ago

        They’re not just writing the software, they’re responsible for the infrastructure it’s running on. And keeping that running and secure IS a full time job.

        Right now, you sound exactly like one of those C level execs who looks at IT and asks “We haven’t had an issue in years, what do we need to pay them for?”

        • dandi8@fedia.io
          link
          fedilink
          arrow-up
          2
          arrow-down
          2
          ·
          edit-2
          4 months ago

          Even if you have a full-time role for continuously auditing the infrastructure (which I would say is the responsibility of either a security officer or a devops engineer), you still didn’t show how that needs a 15-person team, and an otherwise-untouched infrastructure should just keep on working (barring sabotage), unless someone really messed something up.

          If CI builds or deployments keep randomly failing at your place, that’s not an inescapable reality, that’s just a symptom of bad software development practices.