
I've always considered myself a stalwart proponent of strong, effective security. But I'll be damned if my company's security policy isn't choking its developers out.

It's like whenever a developer requirement and potential security vulnerability meet, the company doubles down on the security side, ignores their dev's needs entirely, and then takes a privilege away just to punish us for having the audacity to try and do our God damn jobs.

Comments
  • 0
    Exactly like getting 3rd-party API credentials for some service used in production.
  • 2
    Not sure if I'm understanding correctly but if I'd have to choose between something a dev wants as in a way of programming or a feature and it wouldn't be good for security, I'd back the security.

    Punishing a programmer for it sounds very harsh though
  • 0
    @linuxxx I totally agree that if a known vulnerability is there, security should take precedence. But it's gotten to the point with things like admin privileges that a) you have to practically write an essay explaining exactly what your business need is and for how long you need it; b) they're extremely stingy about handing it out, especially on a permanent basis.

    On top of that,
    - Can't clone any GitHub repo
    - Can't connect any USB device with memory
    - Can't download any .zip, .exe, .tar, etc
    - Can't use any personal email or storage service (Dropbox, OneDrive, etc)
    - Have to get any Open Source Software pre-approved, and then the approved version is cloned to an internal repo. This includes things like VS Code extensions
    - Can't install chrome extensions without a separate approval process, and all chrome extensions have to come from the same OSS repo
    - The list continues...

    Next thing you know they're going to install a fucking keystroke logger. Maybe I'm just a whiny dev who's too used to having the proverbial keys to the castle, but holy shit, I've never felt more boxed in and less trusted as a developer.
  • 1
    @LuckierDodge I thought you explicitly meant code-related stuff; this is bullshit imo!
  • 1
    @linuxxx thank you! I'm glad I'm not the only one who thinks it's more than a little ridiculous
  • 0
    @LuckierDodge Makes me think whether it would be easier to just have a dev device off the company network, but then the argument would probably be leaks.