
I hear where you're coming from... but this is also the bane of developer existence. We all have to accept that, every year, tens of thousands of new developers looking for jobs enter the market. There's such a demand for developers that these people get jobs. So footguns, as much as we like to play high-and-mighty and say, "well, duh, don't shoot yourself in the foot," are a real, existential risk to a lot of companies.


I was under the impression that newly minted developers would use existing libraries and frameworks, which have already taken security into account.


The article points out that many popular libraries have vulnerabilities and unsafe defaults.


Which to me says that relying on there not being any footguns is wishful thinking. The better recourse, to my mind, is to stress the need for mentorship, so people learn to proactively look out for traps.



