
AFAIK, security people usually consult on security issues and rarely dictate implementation details.

This, IIRC, is not what the OP is referring to.



IMHO it is often the case that security can only be achieved if the design is sound. Overly complex designs are very hard to make secure.


Sure, but they still do not dictate implementation details. And that's different from what the OP is saying.


That’s definitely the case when thinking about security in a strictly limited scope. In contrast, my team is holistic — any issue that could affect ICA (integrity, confidentiality, availability) is in our purview.

My team engages in the earliest phases of design. Holistic security is our priority, but not a limiter for our engagements.



