concinds 2 hours ago

Penalties don't work for government agencies. Taxpayers would pay for it and it doesn't act as an incentive.

The way to fix it is to empower one government agency to do aggressive pentesting against every other agency, hospitals, banks, infrastructure, and big corporations, with salaries matching the private sector. Impose a legally-enforced deadline to fix any issues, with a fine (for private actors) or demotion of the guy in charge of infosec (for state agencies).

Forget compliance checklists, KPMG "audits" and all that crap, just have government-sponsored hackers trying to get into everything like an attacker would.

France seems to have had a ton of government hacks in the past year at various levels, so it's sorely needed.

mcmcmc 2 hours ago | parent | prev | next [-]

> Penalties don't work for government agencies. Taxpayers would pay for it and it doesn't act as an incentive.

This is the same as the rogue police problem in the US. What needs to happen is a shift to personal liability for those responsible.

signatoremo 2 hours ago | parent [-]

Personal liability? Are you also against the no-blame culture that is prevalent in the tech world?

spwa4 2 hours ago | parent | prev | next [-]

You don't seem to realize the difference between those 2.

> The way to fix it is to empower one government agency to do aggressive pentesting against every other agency, hospitals, banks, infrastructure, and big corporations, with salaries matching the private sector. Impose ...

And now you've got private people empowered to attack specific government officials. In fact, that's their job. Btw: you forgot to specify "in public", and that needs to be how it works, otherwise it will just result in officials attacking this security agency. Oh, AND you're giving government officials an obvious point of attack: "salaries matching the private sector".

> Forget compliance checklists, KPMG "audits" and all that crap, just have government-sponsored hackers trying to get into everything like an attacker would.

You mean forget the way even the dumbest of the dumb can "provide security"? Do you think government officials in France got their position based on their IQ?

Of course this is the only way it can work, but this needs a very un-French form of government to get it to work.
