kevinsimper | 2 years ago

I think you are right, but security teams are for when things do not go as expected.

Like Opensea had insider trading but they were not nearly as big as FTX, everyone knew FTX. Opensea is “just” a marketplace, not even near a live trading platform.

But there will probably be more information about it the next 10 years heh.

marcc | 2 years ago

> security teams are for when things do not go as expected.

That's an unexpected view. Security teams are experts in security and help application developers think of ways the product could be exploited. Security teams run pen tests and bug bounty programs. Security teams manage compliance.

Separation of duties is a critical part of building a secure system, and you can't have separation of duties properly if app developers do it all.

Don't think of a security team as a punishment for when things didn't go as expected; a good security team can help increase velocity, confidence, and security all at the same time.

kevinsimper | 2 years ago

Yes, that is also what I meant :)

But with 10-25 developers I do not think they had what we both think are essential.