this post was submitted on 03 Aug 2023
387 points (97.5% liked)

Technology

59223 readers
3221 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

There's been a string of security blunders in Azure in the last couple years but leaking a signing key and then trying to downplay it is really beyond the pale

you are viewing a single comment's thread
view the rest of the comments
[–] stevedidwhat_infosec@infosec.pub 13 points 1 year ago (2 children)

It the job of responsible company (especially one Microsoft’s size) to know that and plan for it accordingly.

Risk management is hard baked into the infosec responsibility set, size isn’t an excuse

[–] Phlogiston@lemmy.world 4 points 1 year ago

Did you say, “Size doesn’t matter”?

(FYI - in hear this excuse all the time at a large company. Somehow our complexity and scale is always an excuse people reach toward. And, as you say, our job from infosec is to shut that whining down.

[–] sebinspace@lemmy.world 0 points 1 year ago (1 children)

It can be if you don’t have the staff. If humans are the most vulnerable part of the system, you can’t stretch them too thin and expect them to be as effective in their role.

That’s part of another issue which should’ve been handled prior to getting too big.

Manageability is #1 when considering your growth, can’t imagine Microsoft chose to keep a “small staff” out of necessity.

Perhaps fucking private Sting concerts for higher ups should be scrapped in favor of the employees they fired days prior to attending