Most startups don’t fail because of bad code. They fail because of assumptions that felt reasonable at the time.
OK, I’m following…
Hard-coded keys. Tokens trusted blindly. Encrypted payloads accepted without context.
bahaha ok no that’s not bad code, that’s straight up failing to do the job correctly at all…
It is, but it’s also extremely common. Startups are usually in the business of shipping fast and they take many shortcuts, including failing to hire anyone with a security background (yes, even basic stuff), doing any kind of code review, etc. You have small teams of maybe 1 or 2 seniors plus a few young'uns who can code and ship fast, and that they will do.
I think the first paragraph you quoted does really tell the story. There are usually no assumptions of those things. To assume something you need to consider it first.
I mean, isn’t an assumption a shortcut of considering and not consideration itself? I still stand by that such devs should not be writing anything remotely important.



