• Mischala@lemmy.nz
    link
    fedilink
    arrow-up
    6
    ·
    edit-2
    10 months ago

    Generally a regular issue is much less likely to get you hacked.
    Security issues often come with legal liability which is why a bad security department will act overly important and stomp around demanding changes be made right the fuck now.

    But I do get it, a good security team should be enabling their dev teams to solve issues in the least disruptive way possible, not just thrown them work and barking orders.

    In some places I have worked, the sec teans will find an issue and push PRs to fix them, explaining the security concern, and requesting only a review and merge.