
>"that is likely a simple mistake by a fairly fresh or unskilled developer."

I'd assume that for banks all code that goes into production gets audited. More so it is easy to have the code run through some analyzers before submitting it to production where presence of external origin should be detected automatically and raise a flag.

If not it is gross negligence on the bank's side and deserves all the scathing and accusations it can get.




No. Being courteous and professional will still get the point across.


> I'd assume that for banks all code that goes into production gets audited.

Code would be reviewed by a developer, not audited. The reviewer may or may not notice the dependency on archive.org and may or may not care.

Speaking from experience, the bank may have a policy to prohibit using external javascript, while the bank may not have a CDN itself to be able to host said dependencies.


I've worked in finance for the last 20 years. My code has never been audited and very rarely even peer reviewed. Then again, I work in back office and nothing web facing, so there's that.

When I was in high school in the 90s I did work at a bank after school. My job was to sort and file debit card applications. No one audited my work either. Part of my job when reviewing every card on file was to verify the balance on the account that backed the debit card. If the account balance was zero or less, I filled out a form to cancel the card to be faxed out in a batch. Typically had 20-50 cancellations per day in 3 hours of work. No one reviewed them before sent, the files were just filed away to be forgotten. Mind, this was a small rural bank, so that might have played into it.


"I'd assume that for banks all code that goes into production gets audited"

The point of tag managers is to let non-developers update production without going through a code deployment so the usual code review and oversight doesn't apply.

Also worth keeping in mind that this is the bank's marketing site. It's almost surely managed by a different team than the actual online banking site and probably has looser restrictions.


Right. If "a simple mistake by a fairly fresh or unskilled developer" got through, then there was a grave mistake by whoever was supervising them.


>If not it is gross negligence on the bank's side

Yes, and you know who'd then get fired? The junior developer....



