Even excellent devs make security mistakes. That's why good teams build out processes like auditing, fuzzing, heuristics checkers, and require internal peer review.
This "you must be perfect" mentality is detrimental to building a security culture, IMO — no one is perfect, and the most excellent dev will slip up. Seeing the people involved in that commit, I believe that's what happened here.
Hoping we learn more in the post-mortem, and they revise their practices to catch this mistake in the future.