They freak out over the most far-fetched things and generate a lot of extra work for SWEs with little in return. They are so paranoid and nit-pick every line of code.
Jokes aside, security and compliance are very important because a mistake can be way more costly than missing some product deadlines.
Security Engineer spotted
I probably have the mindset to become one, but I am more obsessed with physical security. Perhaps I should be a panic room designer.
OP engineers like you are the reason my credit info got hacked from Equifax however many years ago. As well as just about every other breach that's happened in the last decade or two.
Whatever, you got a year of free credit monitoring.
Yeah, a company compromises my personal data forever and in return I get 1 year of their shitty monitoring, mostly just so they can try to sell me on more of it after the year is up. Yeah that makes everything better.
It's XSS, if you meant cross-site scripting.
Another Security Engineer spotted - good lord! This is what I mean by nit-picking.
😔
That's what they get paid to do though
Patching security vulnerabilities provides more value than anything you have built. Get back to work on updating jars grunt.
Yeah the Security Engineers keep making me update vulnerable dependencies because of stupid stuff like denial of service. Then they want the fix backported to all supported versions - WTF?
The best way to remove security vulnerabilities is to delete the app. Have you tried that?
Yeah, maybe if some of our fellow engineers took security more seriously we wouldn’t have to hire so many of these security people to play these games, and maybe our personal information wouldn’t get owned monthly. We still have developers implementing obscure password rules to avoid “dangerous” characters, blocking paste on password prompts, storing passwords in plain text or with unsalted hashes, concatenating untrusted strings with queries or shell commands, and generally fucking everything up remotely related to security. If you’re one of those people who does those things, or who demands a live demo PoC for every vulnerability, the fact that we have these security engineers up our asses is your fault. You’re the reason they have jobs and the rest of us can’t just work in peace. If you aren’t one of those people, just make sure you assign the blame where it belongs: on the developers who make those security engineers necessary.
They are awesome. Just freak them out and you can justify months of non-work.
LOL, good idea.
My person at LinkedIn is the real pro here.