Shostack + Friends Blog Archive


Open Thread

I’ll give you a topic, eh, no I won’t. Have at it, but not at each other.

6 comments on "Open Thread"

  • Adam says:

    I’ll tell you what’s on my mind. People who declare what other folks “need” to do, rather than saying “it would make me very happy if…”
    For example, “Twitter needs to hire a CSO.”

  • Arthur says:

    @adam No, Twitter needs to hire _me_ as CSO.

  • Chris says:

    That could be a great gig, or it could be an exercise in teeth-grinding futility. I wonder what one could do to determine in advance which it was more likely to be?

  • PorkBellyFutures says:

    Chris: Ask how late in the software build and deployment process you would be able to halt it, and who the lowest ranked person who could overrule you would be. And after you have an answer, ask for it in writing.
    So, if it was an exercise in teeth-grinding futility:
    How much money would you have to be paid to remain in a position where your job is to continually give good security advice that no one ever follows?
    Doesn’t every security practitioner have his or her price?

  • Dan Weber says:

    I wouldn’t mind giving advice that was ignored, as long as they don’t expect me to bullshit after the fact and pretend I supported the practice at the time.

  • Dissent says:

    @PorkBellyFutures Don’t forget to inquire about dental insurance for the work-induced bruxism, either.
