Versatile software engineer with a background in .NET consulting and CMS development. Working on regaining my embedded development skills to get more involved with IoT opportunities.
I wish more developers put proper emphasis on security. I often get told that I am overthinking things or "not focused on the MVP" when I raise security concerns, but my experience has been that if they aren't dealt with at the beginning, they never will. It's frightening being in charge of applications or sites where you can feel that the concern isn't if you will be breached, it's a matter of when .
I also often encounter an attitude that security is an Operations/DevOps problem and someone else will deal with it. Operations/DevOps are definitely involved in security, but that doesn't excuse developers from our duties. When it comes to advocating for a more bottom-focused approach and convincing leadership and teammates that security issues need to be taken more seriously, are there any strategies you have found to be very effective?
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I wish more developers put proper emphasis on security. I often get told that I am overthinking things or "not focused on the MVP" when I raise security concerns, but my experience has been that if they aren't dealt with at the beginning, they never will. It's frightening being in charge of applications or sites where you can feel that the concern isn't if you will be breached, it's a matter of when .
I also often encounter an attitude that security is an Operations/DevOps problem and someone else will deal with it. Operations/DevOps are definitely involved in security, but that doesn't excuse developers from our duties. When it comes to advocating for a more bottom-focused approach and convincing leadership and teammates that security issues need to be taken more seriously, are there any strategies you have found to be very effective?