Reminds me of when they do 'firewall updates' at work, and many of the common open-source repositories/hosting etc are blocked.
I understand than some malicious software may use things like curl, but it's also annoying to have to re-create the same ticket and submit to internal IT, and then if someone working on the ticket hasn't done this before, they close it, we have to have a meeting about why we need access to that site...
The inverse isn't tolerated. If you're a software developer, you get tested for IT knowledge with phishing emails. Yet in IT it's perfectly normal to have an ignorance of the core needs of the developers - and computing itself - that results in reduced productivity or shadow IT systems.
It's not an exaggeration to say I've experienced it at every employer I've had.
I was on a penetration testing team at a large corp that doesn't specialize in cybersecurity and I downloaded Metasploit and about 15 minutes later an IT person came up to my desk to talk about the malware I just downloaded. I had to walk him to my manager to get him to understand what it was and why it was okay for me to download it.
I understand than some malicious software may use things like curl, but it's also annoying to have to re-create the same ticket and submit to internal IT, and then if someone working on the ticket hasn't done this before, they close it, we have to have a meeting about why we need access to that site...