This preview link vulnerability appears to be an easily implemented mistake. I wonder if having vertical development teams (client, api, etc) vs horizontal teams for a particular product makes this type of defect more likely. I could see how a client team would be likely to consume the preview link API without considering its internal implementation or that it could probe internal cloud infrastructure. The API mistake could have been easily made by any developer, particularly more green developers. Lack of a larger number of people involved with the entire horizontal stack could make this type of issue more likely to not be found.
My organization is considering restructuring teams from 1-3 horizontal teams (full stack) for a given product to 1-3 teams that focus only on one slice of the product. Seeing articles like this makes me contemplate if there’s more security risk with this approach.