balder1991 4 days ago

Working for a bank did make me think much more about all the vulnerabilities that can go into certain tools. The company has a lot of bureaucracy to prevent installing anything or adding external dependencies.

benoau 4 days ago | parent [-]

Working for a fintech and being responsible for the software made me very wary of dependencies and weeding out the deprecated and EOL'd stuff that had somehow already found its way into what was a young project when I joined. Left unrestrained, developers will add anything if it resolves their immediate needs; you could probably spread malware very well just by writing a fake blog advocating a malicious module to solve certain scenarios.

esseph 4 days ago | parent [-]

> Left unrestrained, developers will add anything if it resolves their immediate needs

Absolutely. A lot of developers work on a large Enterprise app for years and then scoot off to a different project or company.

What's not fun is being the poor Ops staff that have to deal with supporting the library dependencies, JVM upgrades, etc. for decades after.