While I don’t work specifically in dev, I have worked in security for way too long and totally understand what you mean. (I am too old and too salty to work in this field anymore, to be honest. Technology has changed, vulnerabilities are still wild and different but security as a whole? It has been mostly the same.)
I personally wouldn’t expect a jr. developer to clearly articulate a possible security problem to their manager. It’s hard, to be honest. That could be part of the issue as well.
The laziness I am referring to can happen at any level and in hundreds of different situations. To your point, some people “simply don’t know what they don’t know” and may be just an honest mistake.
That’s really what I expect, to me I see this all as young engineers pushed to finish as fast as they could, didn’t know any better, and no one thought of granting any time for the devops pipeline to be shored up.
Which of course then falls on leadership for thinking they could take the cheap way out and not listen to their engineers. Any senior or higher would be screaming about the vulnerabilities, so leadership either didn’t listen (ego and greedy) or they didn’t hire anyone with the expertise (cheaped out)
While I don’t work specifically in dev, I have worked in security for way too long and totally understand what you mean. (I am too old and too salty to work in this field anymore, to be honest. Technology has changed, vulnerabilities are still wild and different but security as a whole? It has been mostly the same.)
I personally wouldn’t expect a jr. developer to clearly articulate a possible security problem to their manager. It’s hard, to be honest. That could be part of the issue as well.
The laziness I am referring to can happen at any level and in hundreds of different situations. To your point, some people “simply don’t know what they don’t know” and may be just an honest mistake.
That’s really what I expect, to me I see this all as young engineers pushed to finish as fast as they could, didn’t know any better, and no one thought of granting any time for the devops pipeline to be shored up.
Which of course then falls on leadership for thinking they could take the cheap way out and not listen to their engineers. Any senior or higher would be screaming about the vulnerabilities, so leadership either didn’t listen (ego and greedy) or they didn’t hire anyone with the expertise (cheaped out)