> Everyone seems to think they are doing the right thing

I like to think people would agree more on the appropriate method if they saw the risk as large enough.

If you could convince everyone that a nuclear bomb would get dropped on their heads (or a comparably devastating event) if a vulnerability gets in, I highly doubt a company like #2 would still believe they're doing things optimally, for example.

▲

KronisLV 2 hours ago | parent | next [-]

> if they saw the risk as large enough.

If you expose people to the true risks instead of allowing them to be ignorant, the conclusion that they might come to is that they shouldn’t develop software at all.

▲

emodendroket 3 hours ago | parent | prev [-]

Really? You think the alternate mode where you're running 5-year-old versions of stuff with tons of known security flaws is better?

	▲	coldtea 3 hours ago \| parent \| next [-]
		What part of "We reviewed all relevant CVEs as they came out to make a call on if they apply to us or not and how we mitigate or address them" gave you that impression?
	▲	HeatrayEnjoyer 3 hours ago \| parent \| prev [-]
		>running 5-year-old versions of stuff with tons of known security flaws No one in this thread proposed that, or anything that could be reasonably assumed to have meant that.