It's not that people don't know how to properly code a web application. It's that coding a web application with a strong and secure perimeter is more expensive, more effort, and difficult to QA (the perimeter) than building one without.

"Ship it."

I love the "ship it" here. Deadlines kill security. When you're under the gun to finish something as a dev, the first thing to go is the security mindset. The next thing to go is the "beautiful code" mindset, which leads to even more security issues. The problem is that by definition projects that have a critical deadline will usually be used by thousands of people or handle very important information.

It's a weird issue of "I need it now because it's important" and "I need it working well because it's important". Good, fast, cheap. Pick two.

Thanks for supporting my confirmation bias.
