It would be fine, but people who claim to be pro in software and are being paid premium refuse to learn from mistakes, neither from their own nor from others'. They just mitigate the fallout by saying things like "It was a mistake, sorry about that, it happens, software is hard".
Brain surgery is hard. Mistakes happen. But after a few mistakes you probably should stop doing brain surgery altogether. At least the patients will get a higher chance to survive your surgeries by avoiding you.
In terms of security, handling passwords should be considered analogous to brain surgery. A single mistake undermines the whole thing. If you can't handle that, stop doing it, and let people do it who can handle it better.
I understand your frustration but it's coming from a flawed argument. According to cancer.org, there is a 50% chance you survive brain tumor surgery. From that account half the surgeons should stop working.
Imagine the Twitter traffic and how much code they are dealing with. This kind of mistake can happen and will happen. Someone was surely held accountable, which they do not need to disclose.
No, it doesn't. And that's not the issue. It's OK to make mistakes if you learn from them to prevent them from happening twice or thrice. But apparently even if paid premium they don't. There were soooo many password db hacks and cracks in recent years, I can't believe people still defend bad software engineering as if mistakes are a natural occurrence which cannot be prevented. You can't prevent singular mistakes, but you damn well can make it hard to exploit them!
If you keep and let bad developers in software security even if they made the same mistakes (and mistakes of others) repeatedly, there won't be any security left. So what's the point?
Would you relax? If what Twitter says is true (and there's no reason to think it's not), these were passwords which were logged to plaintext logs, which only people internal to the company can read.
We're not talking about a massive password breach, a bunch of script kiddies who found a database of plaintext credit cards by going to /admin.php and logging in with "admin / admin", or anything like that. We're talking about a mistake GitHub themselves made (and if you think GitHub doesn't know what they're doing in terms of security, I question your judgement).
Furthermore, when was the last time there was a major security breach at Twitter? You're claiming they're "keeping" bad developers and not learning from their mistakes as if this was a regular occurrence for them.
And coming from me, I don't usually defend security breaches and malpractice. This doesn't really qualify. They made an official announcement, notified all users, even unaffected ones, both by email and on first login; that's more than you can ask them to do.
What bothers me about reactionary posts like yours is they give negative feedback to companies who actually do right by their breaches, which, as is well known in the security field, is a matter of when, not if.