Comment Dev reaction to security bugs (Score 1) 123
I have worked long and hard in my profession to get devs to fix security bugs. The reaction mostly falls in one of these categories:
1. I do not understand the issue (read, I am just copying code off the interwebs and have no clue about my job).
2. I understand the issue but we are under the gun to release the product.
3. I understand the issue but the vulnerability is theoretical (read, I don't understand anything about large scale production infrastructure).
Bottom line: Unless a security bug breaks functionality, a dev doesn't care.
Sorry to devs who care, but after a decade of trying to get devs to release secure code, my opinion may be a bit biased.