Comment by photonthug

You can’t generally change anything about this kind of culture unless you’re in charge of a large department, but it’s still worth understanding how it plays out because you’re going to be affected.

https://raw.githubusercontent.com/lorin/resilience-engineeri...

This one diagram neatly captures tension between infosec/devops/management/engineering/qa at most organizations. If you know who has the most power, how the executive suite evaluates liabilities, etc, you can guess which gradient has the most momentum, and maybe even start a countdown to disaster when deviance is too normalized for too long.

Anyway, grassroots “we need more tests” stuff can’t actually hurt, but other stakeholders can always make sure it won’t help. Safety/quality is an org responsibility, and it requires cooperation. Only someone who can hire/fire department heads can really create the necessary conditions. One of the biggest red flags is leadership that acts like it’s one group’s responsibility, because that’s such a naive POV that no one senior would really believe it, and most likely someone is about to be scapegoated.