Comment by SkyPuncher 12 hours ago

From what I can see, being closer than the average engineer to the space (but not an expert on my own), a few things are happening:

* Engineers are being pushed for ownership of security more directly. You still need someone on the team to guide and support them, but they're not going to be directly involved all of the time.

* Significant amounts of automation and centralized security. Supply chain management is a double-edged sword. It does open up vulnerabilities, but you can simply pay one of the SaaS companies in the space to help with a lot of the heavy lifting.

* Commoditization/Platform-ification drastically reduces attack vectors.

OWASP has a nice comparison from over the years: https://github.com/OWASP/Top10/blob/master/2021-2003_Compari...