
Front-line programmers default to insecure methods - boffinism
https://boingboing.net/2019/03/27/neither-is-md5.html/
======
levlaz
> The researchers hired 43 freelance Java programmers through Freelancer.com
> and asked them to develop a registration system for an imaginary social
> network the researchers claimed to be starting. Half the devs were paid €100
> and half were paid €200 for the job; half of each of the two pay-groups were
> given explicit instructions to use secure password storage and half were
> left to their own devices.

That sounds like an hourly rate. What did they expect?

~~~
boffinism
From the study itself (n.b. the context is a description of a pilot study, not
the final study):

> Fifteen developers made an application for the project. Their compensation
> proposals ranged from €55 to €166 and the expected working time ranged from
> 1 to 15 days

So, best-case scenario, these are freelancers with a day rate of €11 (???) -
€166. Assuming these are workers in countries with low costs of living...
These are still ridiculously low sums. But, these are people who make their
living writing software. Ergo, lots of software actually gets written by
people like this. Easy to forget that when working with 'proper' developers.

