• Ephera
    ↑ 30 · 9 months ago

    My favorite part is when I have to take mandatory trainings on security and integrate automated scanners for vulnerable libraries, but none of our projects have funding to actually implement the basics, like encryption+authentication.

    • Tangentism
      ↑ 8 · 9 months ago

      We have the mandatory security training at my company and they said it was going to be revised after a few of us showed how the advice it gave was insecure and incorrect!

      • mormegil@programming.dev
        ↑ 4 · 9 months ago

        In a bank we work for, there is a mandatory security training for employees, mandated by the parent supranational. The bank tried to correct the mistakes in the training or at least make the training optional, as the bank provides its own, more correct program. Rejected by the mother company, mandatory training is mandatory, even if it is wrong.