> How on earth is embedded creds in any way: "no known bugs"?
You misunderstand how organizational knowledge works. You see, it doesn't.
Someone embeds the credentials, someone else ships the product. The first person doesn't even necessarily still work there at that point.
Remember that time NASA sent a Mars orbiter to Mars and then immediately crashed it because some of them were using pounds and the others newtons? Literally rocket scientists.
The best we know how to do here is to keep the incentives aligned so the people who suffer the consequences of something can do something about it. And in this case the people who suffer the consequences are the consumers, not the company that may have already ceased to exist, so we need to give the consumers a good way to fix it.
> Someone embeds the credentials, someone else ships the product.
It doesn't matter. When you are building software, you build a security process, not security individuals, or stuff like this happens.
> orbiter to Mars and then immediately crashed
Right, and it cost NASA 1.4 billion+ in direct losses to them. With software writers the losses occur to the end user.