> This is what happened at Twitter - when the government came after them because they were getting hacked too often, Twitter went out and hired 'real' programmers and got things working. That's something that gets missed a lot in the 'startup story'.
I'm sorry, but this is just silly. Dealing with hackers does not make you a "real" programmer. It just makes you a programmer with special expertise in a very particular and narrow aspect of programming - dealing with hackers. It's a niche skill and doesn't necessarily translate into prowess in other areas. Startups need eager, polyglot programmers who are willing to get their hands dirty, learn on the job, and deal with the uncertainty you wouldn't normally have to worry about in a large, stable company.
It's more than just dealing with hackers. It's the overall scope of having to be responsible for critical work under heavy scrutiny. Most companies have a myriad of technologies...that isn't just the domain of startups. In fact, normally, startups have much more specialization. If you work as a coder at a big company, you might have to know Java, C++, .NET, PHP, Oracle, SQL Server, plus a million other things like old mainframe, COBOL, lisp, assembly, Ruby, Python...it depends on the job.
In a startup, you can say 'we only support Chrome and FireFox' and often no one will question it. But in a big corporation, you don't often get to pick which things you 'won't learn'. Some companies still use freaking IE6 (some very VERY big companies) so if you want your jQuery to work with their app, you'd better know why using anything higher than 1.11.x is a bad idea in general.
This is a niche skill industry. You can't be everywhere, if you intend to be good, and if you're good at something, you are probably not going to be good at completely different things. And someone very good at a small niche is almost always more valuable than someone who is kind-of-good at a number of things.
Startups may need "eager, polyglot programmers who are willing to get their hands dirty, learn on the job", etc., but by virtue of that they're eliminated from the market for many of the higher-skilled, specialized people.
Plus, security of the software is more about company priorities then about some real vs unreal programmer differences. It requires repeated code reviews with focus on security, it requires occasional penetration testing and it is often in conflict with speed of development.
Startups often simply do not have time and money for it. (Big companies are often unwilling to pay for it, so their software ends up equally vulnerable.)
Kind of getting off topic, but big companies who do not do serious security end up on the news. Startups generally do not until they big companies.
Companies who take security seriously may even do daily scans. I have a major client who does penetration testing EVERY DAY. And all source code is security scanned by multiple third parties before it is released....AND you have to make sure that your code is bullet proof beyond that, because you not only have to pass the security scanners but also you have to be aware that if your company gets hacked, and they can point to code YOU wrote, you are in deep trouble.
I'm sorry, but this is just silly. Dealing with hackers does not make you a "real" programmer. It just makes you a programmer with special expertise in a very particular and narrow aspect of programming - dealing with hackers. It's a niche skill and doesn't necessarily translate into prowess in other areas. Startups need eager, polyglot programmers who are willing to get their hands dirty, learn on the job, and deal with the uncertainty you wouldn't normally have to worry about in a large, stable company.