Hacker News new | past | comments | ask | show | jobs | submit login

> This website was probably either made by contractors who are long gone or an internal team who are too incompetent to fix it.

If I paid a construction contractor to build my office and someone notified me that parts were unsafe or violated the building code, I would either hire the original contractors or new ones to fix it, because otherwise I would be legally liable is I still used it.

If my own employees built it, we would be having an interesting discussion about how it happened, and whether I could trust them to fix it or would need to hire a contractor (or at least fire that manager).

Whenever something new is built that people use, care needs to be taken with safety. The sooner average people realize that effects digital constructs the same as physical ones, the better.

Perhaps the contractors who built the site followed the letter of the contract, and the security requirements were insufficiently specified. Or maybe, in the case of an internal development team, they followed the spec which itself was ambiguous.

People forget that not all developers out there are Silicon Valley Rockstar Unicorn developers, who are thinking about the product's needs and the users and the edge cases. Lots of this kind of work is done at body shops where, if the customer specified the name input field should allow 8 characters, they'll make it allow at most 8 characters even though they know that people have names longer than that. If it comes back as a change request, $$$ cha-ching!

I actually wasn't making an argument about contractors at all, but operators. If you operate something that you've been informed is unsafe, you fix it or stop using it. It gets fixed or you are purposefully endangering people that use it. How it gets fixed and who pays are separate issues.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact