Hacker News new | past | comments | ask | show | jobs | submit login

Not really, security makes everything harder. I have worked on classified projects which I think are a good benchmark for continuous security and it is definitely expensive, and it was on the lowest levels of classification.

Costs come from everywhere, from the time it takes to transfer a simple file when USB ports are blocked and internet access is very limited. Regular audits, limited privileges and you can only run approved programs, maintaining software up to date but you have to actually look at the change logs (no automatic updates), physical security (alarms, safes, access control, etc...). Also, you can't work from home.

Your company may do security differently but there is always a cost. You may not notice a big "security" line in the budget but that's because the costs are everywhere, because everything can be a target. And unlike correctness, security is a moving target. For example, if the code you wrote for a specific task does the task correctly, as long as the task doesn't change, it will work forever (hence: "if it ain't broke, don't fix it"). But thing that were once secure may stop being secure as new attacks are found, even if nothing changes on your side.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: