Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think it's even simpler than the article states. For every company, profit is the top priority.


While this is correct, it's also not a particularly useful point.

A company can't just do profit. Profits aren't a thing that a company can choose (typically), they aren't an input, they're an output. You can't choose your outputs, you can only choose your inputs and aim them towards specific outputs.

How do you achieve profits? Well you do things that your customers want, and one of those things might be security. For some companies, the input of investment in security will result in the output of profits. For others it won't, or the two will be less correlated. If security does convert well into profits then it follows that it should be a priority input for the company, because that's how they will achieve profits.

This is still a huge generalisation, but perhaps less of one than "profit is the top priority".


There's a big problem of information asymmetry, though. "Security" is a very noisy metric, and not a quality that's easily evaluated by 99.9% of your customers. Outside of specialty domains like national defense (and even then...) customers don't generally care about "secure", they care about "not obviously insecure", and almost all products will appear to be "secure" enough right up until the moment that they're visibly or publicly compromised. If you either stay under the radar or get lucky long enough, you can turn profits for quite a while before the chickens come home to roost.


security (at least as meant in the advertisement) is also output


I feel skeptical; except abuse of worst nature; and do not care enough to comment coherently. A future lives around me. Yet what to Dan means a better model, distantly brings to mind the four conveyor belts from:

https://archive.org/details/the-age-of-surveillance-capitali...


Author here. I agree with what I think you mean, but stating it like that is too simplistic in my view. Money is a great way to measure effort and results, and it's top priority in that at the end of the line, without profit there is no company. But without people, products, a mission, and not being hacked too many times, there is also no company.


Wanted to say I appreciated the GK Chesterton quote, I think it set up the article well as a balancing act between all things. As the saying goes, we could have perfect security if we lived in the Stone Age.


Thank you. I hadn’t heard that one before but exactly right :)


The owners getting rich is the top priority


Indeed, a company is supposed to do what the owner of the company wants. A company does not have morals; owners do.This is why owners matter.

You are starting to discover what is called a "business model". For a good introduction, take a look at Osterwalders BMC.

https://www.strategyzer.com/business-models-the-toolkit-to-d...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: