Comment by smt88
Taking accountability can and should include admitting you're the wrong person for the job and resigning.
Taking accountability can and should include admitting you're the wrong person for the job and resigning.
If the devs didn't take security seriously before, why would another node in the communication graph change anything?
because sometimes it's a deadline pushed by management so a change could result in allow more time for design, programming, review, or even full time security personnel. Nobody writes the best most secure software under deadline
Yes, the right person maybe can change the culture in the company (plus contribute lots of technical skills)
CTO is simply a title, the proper response here would be to hire a head of security and build it into the culture from the ground up.
I'm looking at all of the Arc Max features which probably need to be architected correctly to be secure/privacy-preserving.
They could take a lot of inspiration from iCloud Private Relay and iOS security architectures in addition to really understanding the Chrome security model.