| ▲ | dvrp 2 days ago | |||||||
in the real world you pay for extra security; yet developers think that this should be free just cuz…? | ||||||||
| ▲ | bee_rider 2 days ago | parent | next [-] | |||||||
I don’t think you should have to pay extra for extra security in general. Making a product or service free of security defects ought to be considered a basic requirement of merchantability. But we should also draw a distinction between, like, real security defects (RCEs, that sort of thing) and features that might make it easier to deploy a system securely (SSO). | ||||||||
| ▲ | zdragnar 2 days ago | parent | prev [-] | |||||||
... Because the specifications are open. Practically the whole Internet is built on open specifications. The security and operations benefits are obvious for enterprise customers. Startups could also benefit greatly from it, but the cost ramping of the large providers is onerous. | ||||||||
| ||||||||