That's a metric I use to know when it's time to change jobs: if I can't trust the people around me not to mess with my computer (or there are too many people to trust the environment) then it's time to move on.
This seems like an insane metric. For any large enough organization it is difficult to identify who actually works for $company and who is there on "business" - and given that it's rare for every developer to have a locked door, you can easily have a situation where a "guest" (maybe a software vendor, or partner, or friend of a coworker) is on their way to the bathroom and decides to poke around on your machine.
Barring myself from working at a company with more than ~150 people (Dunbar's number) because I'm too pompous to lock my laptop doesn't seem like a metric one would be wise to follow.
> This seems like an insane metric. For any large enough organization it is difficult to identify who actually works for $company and who is there on "business" - and given that it's rare for every developer to have a locked door, you can easily have a situation where a "guest" (maybe a software vendor, or partner, or friend of a coworker) is on their way to the bathroom and decides to poke around on your machine.
This is like bricking up all your windows against thieves when you live in sleepy, low-crime suburbia.
Site security needs to have a balance between paranoia and practicality. For public-facing code, history has shown us that it's impossible to be too paranoid. If you work in national security, or your industry is known to be a target for industrial espionage, then certainly strong precautions are in order.
But if you're just building social media sites or whatever, and you're firing people because they failed to stand ever vigilant against the possibility that Bob the visiting vendor rep might stalk the corridors waiting for you to take a bathroom break so he can rifle through your code for exploits to sell to teh haxxorz, you are being absurd.
I agree. If you cannot trust your co-workers/employees to the point where every computer has to be locked when someone leaves their desk then it is time to move on. If there are rogue employees then the battle is already lost and a locked computer isn't going to slow anyone down.
I always make sure to change the operating system language to Chinese whenever somebody leaves the computer unlocked so that employees like you either leave the company or learn the basis of security.
That's also a metric I use when I choose service providers. If every employee is allowed to abuse any other employee's credentials to access my private data, move on.