Hacker News new | past | comments | ask | show | jobs | submit login

What exactly can "we" do other than the government creating some financial penalty for this?

I soundly believe that in most of these cases some line level security person told middle management there might be an issue, but it wasn't dealt with because of time/money considerations ("Just Ship It") or there are many legacy things that never received a proper audit/fix schedule because of lack of people/experts to even see the issue.

One time financial penalties won't fix that, because I'd bet it might be cheaper to pay it. Criminally penalizing executives may not fix it, because some of these decisions likely never made their desk.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact