Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I have personal experience shipping a web app to a bunch of large companies and educational institutions, and it's a mixed bag.

Most businesses seem to get by with as little as possible in the way of security resources. Often they don't have anyone dedicated on security (warning signal #1), and they'll let you remote into their network without many restrictions (warning signal #2). The other businesses are usually to the other extreme on security. They want documentation that you have a secure development policy, they'll do an independent security audit, they won't allow remote access under any circumstances, and some won't even allow any direct access at all (you have to prepare documentation that their people can follow for any modification that must be made to the system). So, basically, there's a minority that really gets it, and a majority that doesn't know and doesn't care.

The fallout of this is simple: there won't be any. It hasn't gotten worse enough yet. Sony's case is seen as an isolated incident of a company that got unlucky. Most business leaders won't even see it as having bad policy, just bad luck. Programmers will know better, but wisdom from the tech crowd generally doesn't percolate to the C-levels. However, hackers everywhere are realizing that all these big businesses are information goldmines, and the coming years we're going to see an onslaught of hacks that will eventually force a standardization of security policies.



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: