It sometimes feels funny to see the audacity with which security professionals expect that organizations “should” do security.

Heck, organizations don't even want to write or maintain code. It's an overhead on its own, and now they need to do 10 more steps. If an organization can get away with not writing things, maybe by hiring more people to manage things if that's cheaper, the org will prefer that.

Combine that with the fact that the BS PoC-level code most startups write and duct-tape together to give a semblance of a working environment is written with speed and deliverability in mind, not security. Acquirers or even founders know for a fact that a rewrite would be needed sooner rather than later; they just push that aside. To them, working on dead code that they already know will be replaced soon is a total waste of time. What's the incentive for doing it?

#randomthoughts #infosec #security