If one does not take the time needed to review ALL copied code which is to be included in a project, then is that particular individual held responsible for the entirety of an impacting negative result, should that code be the source of said impact? The individual was tasked with "complete this portion of the project" and, instead of writing the code and bettering their understanding of said project, of which they will very likely be a source of knowledge to support, the individual saved themselves the mental effort and included copied code. I have also seen the exact same "corner cutting" in the M$ world, where developers submit an expense report in which they purchased a component library without ANY consideration of the licensing or the production costs around that component's production architectural deployment. As to my latter point, you will find the Payment Card Industry (PCI) planning or soon requiring third-party assertions on black-box code components used in a system, but as a multi-decade payments entrepreneur/architect/developer, this is pure foolishness, because if you do not own all the code AND understand it, there is no way to know what it may do in the future.
Would you consume candy from a stranger? Would you pick up a piece of candy off the ground which appears unaltered and consume it? When one applies logic to other life safety situations hopefully some can see the analogous similarities to just picking up code off the ground and putting it into one's mouth.
This sh!t storm is just getting started as more and more "no code" businesses are introduced and industries adopt the "easy way" in fear of missing out on "exponential" income. Most are taught at a very young age that fire is hot, but until one gets burned, the concept of hot is not personally comprehended. The majority of people are lazy and will always take the easy route, but as the world comes to learn from more and more catastrophic global breaches, easy is very often not secure.
Now consider critical-to-life medical device companies that copy code without review.
Trust but verify.