Now, as a software security evaluator, I see that sometimes even the simplest data protection is missing from programs, which highlights that the problem with building in security and privacy is not complexity, per se—it’s our habit as engineers to work hard on what is emphasized and visible. We are driven by the immediate business value of features and data, so we build features ASAP and collect as much data as we can. We tend to put our heads in the sand when it comes to the misery of our users whose data may leak from our systems, because after collecting it, we often forget about protecting it.
A balance can exist between development goals and privacy and security concerns. My advice to data-driven engineers is to be careful, think about how much data you really need, and don’t get greedy.
Read more at O’Reilly
