Just assume every engineer has access to everything. From a client perspective that's how you have to treat it.

There are so many zero days in regular consumer software, just imagine how many are in closed source public facing Amazon services.

Now multiply that by 100 to get the number of zero days that probably exist in Amazon's closed source dev only back end environment.




> Just assume every engineer has access to everything.

Wise rule to live by. I would certainly advise everyone to assume that.

On the other hand geek_at was talking about a slightly different thing. They were talking about how the media criticised FB for having too lax controls on private information. geek_at even called it an "outrage".

We can and should absolutely ask platforms to do better while at the same time playing it safe ourselves with the data we control. There is no contradiction there.

There is another layer in which it feels we are talking past each other. You mention zero days, and yes those are a thing and yes an insider is in an excellent position to find them and exploit them. Finding them and patching them is a good idea for sure. (For many reasons.) But the FB thing mentioned wasn't about an exploited zero day. It was a company sanctified system and associated work practices. We can demand that a company develop better practices (where not every engineer needs this high of a level of access to do their job) without expecting them to find and patch every single vulnerability.


Not at Amazon, but I've def written internal-only-and-never-used-outside-of-team-type tools that have obvious security issues, just to let non-devs get things done.
