Hacker News new | past | comments | ask | show | jobs | submit login

'As a car designer, do you really want to live in a world where "safety is a top priority" at every company? Does such a world even make economic sense after accounting for the opportunity cost of the time most that designers would otherwise spend actually building new products and features?'

Most professions and companies are (at least in theory) held accountable for their impacts.




No car on the market is as safe as the absence of a car. Car companies make tradeoffs towards safety where it's reasonable and economical, but still fulfill their baseline mission, which is inherently dangerous. People are injured and killed in car crashes every day; car companies are not "held accountable" unless there's a specific defect and they should have known better.


Such as a company knowing better than to keep their servers patched, to have a process to make sure their servers are patched, to have a process that shows a list of servers that are _not_ patched, etc.

There are a lot of really stupid mistakes made in a lot of these data disclosures that a competent IT team (and dev team) can prevent from happening. The current state of things is that there are hardly any consequences for losing people's data, just make a bulk purchase of credit monitoring and call it a day. This is cheaper than actually hiring the right people and implementing the correct processes.


Q: What's safer than sky diving? A: Not sky diving.


As a car driver, do you want to live in a world where "braking for pedestrians in crosswalks is a top priority" on every trip? Does such a world even make economic sense after accounting for the opportunity cost of the time that most drivers would otherwise spend moving toward their destinations?


Haha THIS is spot on. Sure, 1 person's address isn't the end of the world ... but 500,000,000 people's information in 1 incident is class action material


And it's not like I'm advocating that every single company needs bulletproof security that can stand up to nation-state adversaries with budgets bigger that the company, I agree with GP that it just wouldn't be economical.

To stretch the car/driver analogy, you could limit all cars to 10 mph so that they can stop fast enough when a deer runs into the road unexpectedly, but that's probably not worth the tradeoff.

Pedestrians, on the other hand, are a predictable fact of life that you need to deal with when you get in a car. So are bad people on the internet. If you put something on an internet connection and aren't constantly aware of that, you should not be putting it on the internet.


Car companies absolutely quantify risks and make decisions based on it. It is still more about bottom line than safety. When a version of a car fails some tests, they will estimate the cost of a recall versus the cost of a lawsuit. Whichever is smaller wins.


> Car companies absolutely quantify risks and make decisions based on it. It is still more about bottom line than safety.

Right, which is why we should increase consequences when there are data breaches so companies may actually care about them when they happen.


That "care" would come out from customers pockets.

Why do you think customers are ready to pay extra for the extra data security?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: