My developer heart cares about you using my product. For you to use it, it has to be usable, cool, performant and safe. I care about all of this, but have to balance. I wish more of this balance would get on the stage, rather than just the bug-problem-fix stories.
Replying to @lazytyped @berendjanwever
Sure, but the problem with this is twofold. First, not everyone agrees you should be allowed to adjust those knobs on their behalf, you don't know their priorities. Second, you don't have the power to adjust them, you need resources provided by people who don't have a dev heart.
1 reply 0 retweets 0 likes -
Replying to @taviso @berendjanwever
1) is the market. Ultimately what customers pay for validates my choices, also on the configurability end. 2) of course, there are many moving parts and all matter, which is why I push for multiple points of view and levers
1 reply 0 retweets 0 likes -
Replying to @lazytyped @berendjanwever
That's nonsense, how can the market react to information that you're arguing they shouldn't know? I'm saying make it public and let the market decide. You're saying don't let the market know, just trust us to do the right thing.
1 reply 0 retweets 0 likes -
Replying to @taviso @berendjanwever
At what point have I ever advocated to not make information public? If anything I am for more information, not less (in fact I'm looking at all the incentives, not narrowing my scope to security bugs)
2 replies 0 retweets 0 likes -
What I'm telling you is that multiple factors go into my choices as a vendor and the only judge of those is whether customers buy into this or not.
1 reply 0 retweets 0 likes -
Replying to @lazytyped @berendjanwever
What I'm telling you is that unless users have enough information to tell you what they expect, you're effectively saying "please trust this capitalist institution to do the right thing, which is very expensive, without any incentives to do so".
1 reply 0 retweets 0 likes -
Replying to @taviso @berendjanwever
Let's stay on the engineering side. The big bad capitalist narrative is the best way to weaken a respectable position/line of thinking
1 reply 0 retweets 0 likes -
Replying to @lazytyped @berendjanwever
Dude, engineering isn't free, it's expensive. The only way to get that money spent is to tweak incentives so that it makes economic sense. That's not a critique of capitalism. I get that vendors don't like external people trying to tweak those incentives, but too bad.
1 reply 0 retweets 0 likes -
Replying to @taviso @berendjanwever
I think you are missing that I'm fully okay on you trying. I'm just telling you that security researchers are just one voice and oftentimes not so powerful as you might think. And here it comes the narrative I hoped to not get into.
2 replies 0 retweets 0 likes
Okay, fair enough, I guess we'll see - I think we have pretty good data that PZ, for example, has been able to adjust patch times. 
Replying to @taviso @berendjanwever
I have data on customer requests that have improved patching infrastructure. Everything evolves, thankfully. I hope vendors will keep pushing those more costly, but long-term more useful changes over just a turnaround race, but I have no idea. I appreciate the work P0 drives.
0 replies 0 retweets 0 likes