Chandrapal Badshah

Bucket Policy for your Public S3 Bucket

Recently I came across multiple AWS S3 buckets with directory listing enabled. The content in the buckets ranged from simple images & JS files to images of Aadhaar ID, PAN cards, etc. What's the reason? Security is a non-functional requirement of business. What I have seen so far is that if a developer gets an idea, he/she will work to implement the idea without thinking much about the security of the product.