There's an eternal conflict between DevOps and DevSecOps - for the former "OLD IS GOOD" (tested & stable), for the latter "OLD IS EVIL" (vulnerable). Unfortunately, business shares the first point of view, while the Internet prefers the latter.

@kravietz Because it is impossible to quantify the cost benefit for a cyberattack that may never materialize (but most likely will).


@Limax Well, that's the essence of risk management. For the purpose of DevOps we don't need fully quantified RM; it's sufficient to know that "vulnerable software increases the likelihood of a breach".


@kravietz Tell that to the C-Suite, which treats security in the same way as climate change - ignoring it until it is too late.

@Limax That's unfortunately the case - because neither business nor the public sector is held liable for the loss of customer data (only the customers are), it's not part of their business equation.

Mastodon (privacytools.io)