Both are bad. Crime is bad, but this is an argument for making software engineering more like a medical doctor's guild. Some things simply should not be done. There is an expectation of competence for some things like finance and medicine.
Storing your keys in plain text is hardly software engineering. Plenty of people who don't know the first thing about coding do it all the time.
This is a failure of security and risk management. Making a guild or licensing requirements for software engineers may or may not be a good idea, but it wouldn't have addressed this problem.
But even if it would have in the abstract, FTX played fast and loose with so many other rules, I wouldn't expect them to abide by those either.
Hmm. That is a valid argument for me. You are right. In practical terms, the main issue lies with risk assessment (and leadership basically running a scam), but should a person implementing their ideas know better?
I know what the real answer is, but I am curious about the response.
Basically yeah. Medical doctors will not do some things for fear of losing their license to practice. One could argue storing data like this in plain text is malpractice.