this post was submitted on 28 Apr 2024
148 points (98.1% liked)
It's sad that this works. You'd think especially software professionals would be the most vigilant about running unknown code.
Professionals in software development do not mean professionals in cyber security.
Same way you don't expect a geologist to be a mason.
That's a bad take. Unless you get your knowledge purely from shady tutorials or have a fast track bootcamp education, it's unlikely you never touch on security basics.
I'm a software design undergrad and had to take IT Sec classes. Other profs also touched on how to safely handle dependencies and such.
While IT Security is its own specialisation, blindly trusting source code others provide you with is something a good programmer shouldn't do.
If you need a metaphor: Just because a woodworker specialises in tables, doesn't mean they can't build a chair.
Edit: Seems like my take is the bad one
I graduated in CS in this century and we never touched on security. If not for my own curiosity and obligatory annual compliance education on the job (and only on the last one), I would have known near nothing.