|
Apocadall posted:or responsibility for what they program, that's always seemed like one of the biggest part of actual engineering is that your name is on it, people could die, you have a responsibility to engineer a solution that is safe and effective criminal liability for data breaches needs to happen
|
# ? Jul 20, 2016 19:38 |
|
|
# ? Jun 5, 2024 04:11 |
|
yeah that would own so hard
|
# ? Jul 20, 2016 19:56 |
|
i dunno about that one. is there criminal liability for lock manufacturers when someone breaks into your house?
|
# ? Jul 20, 2016 20:25 |
|
a better analogy is the liability of a bank holding a safe deposit box or something similar
|
# ? Jul 20, 2016 20:30 |
|
which i think is also no liability so whatever
|
# ? Jul 20, 2016 20:41 |
|
Sagebrush posted:i dunno about that one. is there criminal liability for lock manufacturers when someone breaks into your house? there certainly is for medical records
|
# ? Jul 20, 2016 20:50 |
|
H.P. Hovercraft posted:there certainly is for medical records ok, sure, you can be held liable for the records being stolen. but can you sue the filing cabinet company if the burglars manage to snap the lock and steal the medical records? this is like "charge target with losing the records" vs "charge whoever wrote target's software"
|
# ? Jul 20, 2016 21:14 |
|
i think criminalizing or at least heavily regulating programming is the correct solution
|
# ? Jul 20, 2016 21:16 |
|
Sagebrush posted:ok, sure, you can be held liable for the records being stolen. but can you sue the filing cabinet company if the burglars manage to snap the lock and steal the medical records? yes that's what HIPAA is all about
|
# ? Jul 20, 2016 21:18 |
|
theres a certain standard for physical security you have to use for hipaa compliance and its probably laid out in NIST somewhere. good luck finding it tho.
|
# ? Jul 21, 2016 02:33 |
|
but if you bought a lock that claims to meet whatever regulatory compliance but it turns out it fails in action you might have a case against them. the trick, tho, is to make sure they assume liability in the first place. like when we do stuff w/ vendors (ex: our fax webservice provider) we have it in writing that they assume liability for breaches in their system while handling our data. extending even the rudimentary hipaa standards to all personal information would be huge and good
|
# ? Jul 21, 2016 02:35 |
|
our enterprise webapp crrm/box office platform had some pci compliance change and now it prompts for a password relog every like 15 mins and its extremely annoyiung esp kuz u need 2 have it open in 2 windows (1x normal, 1x other browser or incognito or else it blows up) to do any meaninful work so i have to play whack a mole with it all day
|
# ? Jul 21, 2016 05:35 |
|
H.P. Hovercraft posted:there certainly is for medical records probably for classified documents too if the military can prove the safe was compromised under the time limit specified by the standard the manufacturer is compliant to
|
# ? Jul 21, 2016 06:07 |
|
just want to reply to the thread topic once again to say "no"
|
# ? Jul 21, 2016 06:48 |
|
|
# ? Jul 21, 2016 06:59 |
|
|
# ? Jul 21, 2016 07:00 |
|
ADINSX posted:Engineer is my favorite class in tf2 when I wanna just chill and drink a beer while playing. if you're a good shot with a hitscan weapon, that shotgun that fires metal and returns damage as metal is broken as gently caress esp if you're an ADD trolly gunslinger engineer like me get behind some fuckos and just macro drop sentries while shotgunning them to refill forever
|
# ? Jul 21, 2016 07:12 |
|
mama mia
|
# ? Jul 21, 2016 13:48 |
|
|
# ? Jun 5, 2024 04:11 |
|
JewKiller 3000 posted:just want to reply to the thread topic once again to say "no" yosposter jewkiller 3000 brings the hottest takes
|
# ? Jul 21, 2016 18:20 |