The thing with security in software is not whether there is a security flaw or not. It's more about how flaws get handled, not to mention how fast they are fixed.
One of the things you can count on in software development is that mistakes will be made at some point. Some of these mistakes will be security vulnerabilities, yet focusing on them to proclaim that all is wrong is shortsighted and unfair to developers.
Instead, the focus should be on how the developers acknowledge those security vulnerabilities and how fast they get them fixed. How they manage both of these issues is crucial for people to do what must be done to secure their systems by taking the appropriate actions, and to get the fix as soon as the developers get it out.
Most importantly, let's keep in mind that every piece of software out there is bound to have some vulnerabilities. So, instead of trying to find software without them, we need to keep working on ironing vulnerabilities out. When we solve one, the odds are that another will come to take its place.
I don't trust any software developer, or company, that tells me that their software has no vulnerability at all. I trust those who keep an eye out for vulnerabilities and fix them quickly whenever they are found. Even more when they listen to those who advise on vulnerabilities and take some action to fix the hole.
The threats that we face are also changing constantly, and new ways to attack software and crack it open are found with time. So, we need to keep adapting, adding or subtracting what's needed to keep our software safe.
Software security is a never-ending battle, so there will always be some vulnerability to fix. As such, we need to use and support developers who keep working on making their software safe for us to use.