Method Names are Insufficient
Method names alone are not evidence of malicious activity on the part of a developer.
(I should write more on this subject, but for now that’s the entire post)
Consider a scenario similar to the previous post, where there’s some big security issue in a project that wants to ship soon. Instead of stopping the project in its tracks, you decide to let it go. Why is that?
Rather than just letting the project ship unmodified, maybe you can work out some kind of mitigating controls. Examples:
Shipping projects at a big tech company is very challenging work. Much can be written on the subject (such as Sean Goedecke’s post on how to ship), but it’s not my area of expertise. Instead, I work to make sure that projects don’t ship. Or rather, that projects that shouldn’t be shipping don’t ship. I do this for the same reason doctors sometimes measure success in terms of “nobody died who shouldn’t have”. Projects should be built to meet the security needs of the business without introducing risks that are likely to make the project cost more than the revenue it brings in. I want to ensure that we aren’t shipping projects with unnecessary risks when we know how to mitigate those risks.