Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Corporate IT security seems to be mainly about checklists and compliance, not about actual security.


There's no reason to do anything else. Nobody has gone to jail as of yet for not securing their company, and even "security" companies that get utterly popped still have plentiful business a year later.

There is no legal incentive to do good security. There is no market incentive to do good security. Why is it so surprising to people that we have abysmal security?


In my case, it's surprising because companies waste a ton of money buying snake oil and aggravating their users for next to no benefit. You'd expect companies that "only care about their bottom line" to optimize this away, yet they don't.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: