
Security is never perfect. It is a deterrent, not impenetrable prevention. So sure, to security people, it is never good enough. To everyone else, an easy-to-digest blog post might give them food for thought that would make their work one step better than it was before, resulting in security that is still flawed, but better. So why not just accept the post for what it is - some basic advice to do that one better step.


> So why not just accept the post for what it is - some basic advice to do that one better step.

http://www.nytimes.com/2015/07/10/us/office-of-personnel-man...


Do you honestly feel that the work of beginning web developers falls into the same risk management quadrant as a major governmental database of personal information?


Look up "medium-brow dismissal"


I did. Wasn't sure what I was looking for.

https://www.google.com/search?q=medium-brow+dismissal&ie=utf...

It's clearly a logical failure to suggest heeding the author's advice would result in a catastrophic security breach.

Not paying attention to security by reason of "I've done a little better than nothing at all" feels like willful negligence.


https://news.ycombinator.com/item?id=5072224

(edit: this is an explanation of what "middle-brow dismissal" is)


If you're going to do something, do it right.

Security is never perfect, and to security people, we know that there is a tradeoff between Security and Users.

We don't advocate letting The Perfect be the Enemy of the Good when it comes to security, and by the same token we want you to implement security properly if you do it.


Since the security advice in the article is bad, this is more the case of the wildly incorrect is the enemy of the reader who takes the advice. Somewhat different.


"Right" is subjective. There is always "good enough for right now, with the tools available, and the budget in hand".



