
So there are a couple of things here:

* A strong engineering team should've had vulnerability scans at some point in their build process. That SQL injection vulnerability would've been easy to spot.

* That SQL injection probably should've been picked up in a code review.

* They should have been using parameterized queries in the first place. The fact that he removed input sanitization methods is beside the point; they shouldn't have been relying on those in the first place.

* A senior engineer or CTO should've known better. But I've seen very senior people make bad mistakes before. These mistakes are much more likely with immature processes and safeguards.

* Sometimes someone can get to a 'senior' level without necessarily knowing how to do some aspects of software engineering well.

A strong engineering team is about the performance and practices of the whole group. You can have individuals who are experienced at particular skills but have big gaps in the skills and experience needed to build a strong team.
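The comment's point that quote-escaping "sanitization" is not a substitute for parameterized queries, as an added illustration that is not part of the thread: the same escaping helper protects a quoted string position but does nothing for a numeric position, while a bound parameter is never parsed as SQL. The table, rows and probe inputs are constructed for the example.

```python
import sqlite3

# Constructed sample data (not from the thread): an in-memory users table.
SAMPLE_USERS = [(1, "alice"), (2, "bob")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn

def escape_quotes(value):
    """The kind of 'input sanitization' the comment refers to: doubles
    single quotes so a string literal cannot be closed early. It only
    helps where the value lands inside quotes."""
    return value.replace("'", "''")

def by_name_sanitized(conn, name):
    """Input is escaped, then spliced into the SQL text (quoted position)."""
    sql = f"SELECT name FROM users WHERE name = '{escape_quotes(name)}'"
    return sorted(r[0] for r in conn.execute(sql))

def by_id_sanitized(conn, id_str):
    """Same sanitizer, but the value lands in a numeric position with no
    quotes to close, so quote-escaping has nothing to act on."""
    sql = f"SELECT name FROM users WHERE id = {escape_quotes(id_str)}"
    return sorted(r[0] for r in conn.execute(sql))

def by_id_param(conn, id_str):
    """Parameterized: the SQL text is fixed and the value is bound by the
    driver, so it can only ever be compared as data, never parsed."""
    return sorted(r[0] for r in conn.execute(
        "SELECT name FROM users WHERE id = ?", (id_str,)))

def demo():
    conn = make_db()
    string_probe = "x' OR 'a'='a"   # constructed probe containing quotes
    numeric_probe = "0 OR 1=1"      # constructed probe with no quotes at all
    return {
        "name_sanitized": by_name_sanitized(conn, string_probe),  # []
        "id_sanitized": by_id_sanitized(conn, numeric_probe),     # ['alice', 'bob']
        "id_param": by_id_param(conn, numeric_probe),             # []
        "id_param_valid": by_id_param(conn, "2"),                 # ['bob']
    }

if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case}: {rows}")
```

A scanner or code reviewer looking for string formatting in SQL text would flag both `*_sanitized` functions regardless of the escaping; only the bound-parameter form removes the class of bug.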



I couldn’t reply earlier (“posting too fast”).

These are all solid points modulo the optics of memory holing commits.



