This discussion has been archived.
No new comments can be posted.
by Anonymous Coward writes:
Security is always last when implementing a new piece of software. Until management gets that security is vital to their well being, this will continue to happen. But since they have cybersecurity insurance and since everyone has the memory of a goldfish, the company will be fine, and therefore they don't need to spend the money on it. After all it would just be an added expense and possibly delay the introduction of the software in the first place which could ultimately be worse than having a buggy program.
by lrichardson ( 220639 ) writes:
The traditional life-cycle of a company has it being taken over by accountants just before it dies. Because accountants have real problems putting numbers to intangibles - like security. The developer hours required to implement security? *That* they can put a number to ... in the expense column. So, basically, as an expense with no immediate benefit, security gets the short end of the stick ... if it even gets that much. The situation gets worse when 'security' becomes another department. Then the g
by MoarSauce123 ( 3641185 ) writes:
That is because security is a subset of quality and software companies rather hire more support staff than have devs fix bugs. If you love self-punishment and quixote-ian endeavors then enter QA. Every day I see the taps on the back of devs, but never in my 20 years of QA did anyone come by my desk and tell me I did a good job testing and making the company tons of money by keeping customer retention high. And yes, I still report the same errors made years ago and often it is the same dev making the same m
by account_deleted ( 4530225 ) writes:
Comment removed based on user account deletion
by michael_wojcik ( 4610715 ) writes:
"Security is always last when implementing a new piece of software."
Not always. There are organizations that implement an SDLC correctly, with secure-development practices applied throughout the development process. And guess what? That leads to much lower security defect rates in new code, and gradually whittles away at security technical debt in old code.
Of course, the fact that your post (which, let's face it, is a cliche) was voted up to 5 Insightful shows that most places are still not implementing an SDLC, or they're doing it wrong.