Hacker News

>As he's the founder of a successful security consultancy who has friends among academic cryptographers, I took his comment to mean the belief among himself and his peers.

Security consultants are who you should trust the least when dealing with security. They aren't interested in reliable, easy-to-use and widespread security. They are interested in difficult, interesting security that breaks and needs consultants.



And all developers purposefully write spaghetti code while sysadmins hide passwords and secret configurations, all for job security.

Do you truly believe everyone is so cynical? Of course there are some bad actors, in all jobs and all domains. But not everyone—I'd argue the majority of people—are just out to screw everyone else.


Security consultants don't need to engage in sabotage to keep job security. User incompetence is adequate.


Let’s say that what you wrote holds true. Who should we trust then, when it comes to security advice?



