Comment by avarun
And what, you’re going to find them a new CTO? What kind of magical world do you live in where problems are solved by leaders resigning, instead of stepping up and taking accountability?
And what, you’re going to find them a new CTO? What kind of magical world do you live in where problems are solved by leaders resigning, instead of stepping up and taking accountability?
CTO is simply a title, the proper response here would be to hire a head of security and build it into the culture from the ground up.
I'm looking at all of the Arc Max features which probably need to be architected correctly to be secure/privacy-preserving.
They could take a lot of inspiration from iCloud Private Relay and iOS security architectures in addition to really understanding the Chrome security model.
If the devs didn't take security seriously before, why would another node in the communication graph change anything?
because sometimes it's a deadline pushed by management so a change could result in allow more time for design, programming, review, or even full time security personnel. Nobody writes the best most secure software under deadline
Yes, the right person maybe can change the culture in the company (plus contribute lots of technical skills)
Yeah, I also think that asking someone to resign for this does not look like a proportionate response
They are owning up to their mistakes and making sure such things don't happen again (and increasing the amount from 2K :-)) seems like the right approach to me
Taking accountability can and should include admitting you're the wrong person for the job and resigning.