There's an eternal conflict between DevOps and DevSecOps - for the former "OLD IS GOOD" (tested & stable), for the latter "OLD IS EVIL" (vulnerable). Unfortunately, business shares the first point of view, while the Internet prefers the latter.

@kravietz Because it is impossible to quantify the cost benefit for a cyberattack that may never materialize (but most likely will).

@Limax Well, that's the essence of risk management. For the purpose of DevOps we don't need fully quantified RM, it's sufficient to know "vulnerable software increases likelihood of breach".

@kravietz Tell that to the C-Suite, which treats security in the same way as climate change - ignoring it until it is too late.

@Limax That's unfortunately the case - because neither business nor public sector is held liable for loss of customer data (only the customers are), it's not part of their business equation.
