
The root cause is not whether engineers are licensed (I'm fine with that idea, but it's not going to resolve this specific problem). Instead, it is a culture of not caring about security because the fines are a cost of doing business, which comes from management, and of treating personal information as an asset instead of a liability.

A Sarbanes-Oxley style law that makes the CEO personally criminally responsible for breaches will be vastly more effective than pursuing individual engineers - many of whom will be on the types of visa where they have no effective route of pushback on orders anyway.



When a doctor is negligent, their employer is often also sued if it can be shown that it knew shenanigans were underway and did nothing.

We shouldn't choose between holding engineers or executives responsible. Each should be held responsible for their part.


Indeed - but we should start at the place likely to actually make a difference: the executives.



