
agosta, last Thursday at 10:40 PM, 3 replies

Mintlify had a blacklist in place to not allow them to do this with most file types. Someone failed to add SVG to it. It's not like they weren't thinking about security. The challenge with security, as you know, is it's only as strong as its weakest link. It only takes one ignorant/incompetent person in an entire organization to jeopardize the org. But even a competent person can make a crucial mistake.


Replies

pmontra, last Thursday at 11:39 PM

A whitelist is safer than a blacklist. Unfortunately you risk losing those customers that won't be able to load their media, won't contact support, will use a different service.
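
The blacklist-versus-whitelist point above, as an added example that is not from the thread or from Mintlify: a denylist of extensions passes anything nobody thought to list (SVG here, as in the incident), while an allowlist of formats the service actually needs, combined with a magic-byte check, refuses SVG and renamed files alike. The extension sets and sample uploads are constructed for illustration.

```python
# Allowlist: only formats the service needs to serve, each paired with a
# sniff function so the bytes must match the claimed type. SVG is absent on
# purpose: it is XML and can carry active content.
def _is_png(data: bytes) -> bool:
    return data.startswith(b"\x89PNG\r\n\x1a\n")

def _is_jpeg(data: bytes) -> bool:
    return data.startswith(b"\xff\xd8\xff")

def _is_gif(data: bytes) -> bool:
    return data[:6] in (b"GIF87a", b"GIF89a")

ALLOWED = {"png": _is_png, "jpg": _is_jpeg, "jpeg": _is_jpeg, "gif": _is_gif}

# The kind of denylist the thread describes: it blocks what someone thought
# of at the time and lets everything else through (constructed set).
DENIED_EXTENSIONS = {"html", "htm", "js", "exe", "php"}

def _extension(filename: str) -> str:
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""

def denylist_accepts(filename: str) -> bool:
    """Denylist check: accept unless the extension is explicitly blocked."""
    return _extension(filename) not in DENIED_EXTENSIONS

def allowlist_accepts(filename: str, data: bytes) -> bool:
    """Allowlist check: extension must be known AND the bytes must match it."""
    sniff = ALLOWED.get(_extension(filename))
    return sniff is not None and sniff(data)

# Constructed sample uploads (not files from the incident).
SAMPLES = {
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "diagram.svg": b'<svg xmlns="http://www.w3.org/2000/svg"></svg>',
    "page.html": b"<html></html>",
    "fake.png": b'<svg xmlns="http://www.w3.org/2000/svg"></svg>',  # SVG renamed .png
}

def compare() -> dict:
    """Map each sample to (denylist verdict, allowlist verdict)."""
    return {name: (denylist_accepts(name), allowlist_accepts(name, data))
            for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, (deny, allow) in compare().items():
        print(f"{name:12} denylist={deny!s:5} allowlist={allow}")
```

The SVG passes the denylist and fails the allowlist; the renamed SVG shows why the allowlist has to look at bytes, not just the name.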

sofixa, yesterday at 4:47 AM

> It's not like they weren't thinking about security

https://kibty.town/blog/mintlify/

The first CVE here definitely sounds like they absolutely weren't thinking about security.

anonymous908213, last Thursday at 11:12 PM

> The challenge with security, as you know, is it's only as strong as its weakest link. It only takes one ignorant/incompetent person in an entire organization to jeopardize the org.

This statement could not be further from the truth. Your organization itself is completely incompetent if one ignorant employee can compromise it. The "Swiss cheese" safety memetic is widely understood and basically common sense; in an actually competent organization, no single person has sole responsibility for success or failure of a process, and it takes individual failures at multiple levels to result in process failure.