this post was submitted on 28 Sep 2024
681 points (96.1% liked)

Programmer Humor

19623 readers
4 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] BilliamBoberts@lemmy.world 11 points 1 month ago (2 children)

As an IT guy, I'd love to give software devs full admin rights to their computer to troubleshoot and install anything as they see fit, it would save me a lot of time out of my day. But I can't trust everyone in the organization not to click suspicious links or open obvious phishing emails that invite ransomware into the organization that can sink a company overnight.

[–] Grandwolf319@sh.itjust.works 8 points 1 month ago (2 children)

Fair points but as someone who works in cybersecurity. Phishing emails can happen without admin access. I haven’t heard of any randsomware that is triggered by just clicking on a link.

I think there should be some restrictions but highly technical people should slowly be given more and more control as they gain more trust/experience.

[–] lud@lemm.ee 4 points 1 month ago (1 children)

Of course but the impact could be much worse if the victim is admin on their computer.

[–] BilliamBoberts@lemmy.world 4 points 1 month ago

Exactly this. we try to prevent cyberattacks as much as we can, but at a certain point, they're impossible to perfectly defend against without also totally locking down our users and making it impossible for them to do their jobs. so then the game becomes one of containing the amount of damage an attack can do.

Security is restriction. our job is to balance our users' ability to perform their jobs with acceptable levels of risk.

[–] Omniraptor@lemm.ee 1 points 1 month ago* (last edited 1 month ago)

Not a security guy but I heard there's a whole term for it, "one-click attacks"

[–] socsa@piefed.social 2 points 1 month ago

This is why we only hire competent engineers.