|
| ▲ | sofixa 3 days ago | parent | next [-] |
| > It's not like they weren't thinking about security https://kibty.town/blog/mintlify/ The first CVE here definitely sounds like they absolutely weren't thinking care security. |
|
| ▲ | pmontra 4 days ago | parent | prev | next [-] |
| A whitelist is safer than a blacklist. Unfortunately you risk losing those customers that won't be able to load their media, won't contact support, will use a different service. |
|
| ▲ | anonymous908213 4 days ago | parent | prev [-] |
| The challenge with security, as you know, is it's only as strong as it's weakest link. It only takes one ignorant/incompetent person in an entire organization to jeopordize the org.
This statement could not be further from the truth. Your organization itself is completely incompetent if one ignorant employee can compromise it. The "swiss cheese" safety memetic is widely understood and basically common sense; in an actually competent organization, no single person has sole responsibility for success or failure of a process, and it takes individual failures at multiple levels to result in process failure. |
| |
| ▲ | esseph 3 days ago | parent [-] | | I agree with you in theory. In practice, I've never known a single organization to hit that bar. Ever. |
|
