this post was submitted on 03 Jul 2024
233 points (87.2% liked)

Technology

57465 readers
3638 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
233
Telegram says it has 'about 30 engineers'; security experts say that's a red flag (techcrunch.com)
submitted 1 month ago by ForgottenFlux@lemmy.world to c/technology@lemmy.world
83 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] awesome_lowlander@lemmy.dbzer0.com 0 points 1 month ago (2 children)

30 engineers is startup-sized. 30 engineers to deal with the needs of a sensitive software being used by millions worldwide, and is a huge target for cyberattacks? That's way below the threshold needed.

[–] dandi8@fedia.io 1 points 1 month ago (1 children)

This sounds like the devs are personally, sword and shield in hand, defending the application from attacks, instead of just writing software which adheres to modern security practices, listening to the Security Officer and occasionally doing an audit.

[–] awesome_lowlander@lemmy.dbzer0.com 2 points 1 month ago (1 children)

They're not just writing the software, they're responsible for the infrastructure it's running on. And keeping that running and secure IS a full time job.

Right now, you sound exactly like one of those C level execs who looks at IT and asks "We haven't had an issue in years, what do we need to pay them for?"

[–] dandi8@fedia.io 0 points 1 month ago* (last edited 1 month ago)

Even if you have a full-time role for continuously auditing the infrastructure (which I would say is the responsibility of either a security officer or a devops engineer), you still didn't show how that needs a 15-person team, and an otherwise-untouched infrastructure should just keep on working (barring sabotage), unless someone really messed something up.

If CI builds or deployments keep randomly failing at your place, that's not an inescapable reality, that's just a symptom of bad software development practices.