SoylentNews

ticho [soylentnews.org] writes:

A developer Jeremy Bowers has an interesting article [jerf.org] about why it's so hard to write secure software. In summary (and I quote):

Let's talk about why it's so hard. My thesis is simple: We write insecure software because our coding environment makes it easier to write insecure software than secure software.

But exploring what it fully means can lead some surprising places. Please join me on a journey as I try to show you why that is not trivially true, but in fact, profoundly true. We do not occasionally pick up insecure tools, like a broken encryption routine or misusing a web framework; we are fish swimming in an ocean of insecurity, oblivious to how steeped in it we are.

Original Submission