Or at least become more vulnerable.

I've recently been helping a client with their secure coding initiative and as a result I've been reading Mike Howard and Dave LeBlanc's Writing Secure Code which reminded me of an important aspect of maintaining a secure code base which often gets overlooked: That is that as code ages it becomes insecure.

The state of the art in discovering vulnerabilities advances. I remember when nobody worried much about buffer overflows. Related to that, programs get used in environments they weren't written for. Who really cared about buffer overflows on the early Internet when just getting it working for a few researchers was the goal? Related to that, the number of people motivated to break code keeps increasing, especially those with monetary motivation. With enough eyes all bugs are shallow also means with enough eyes all vulnerabilities become easy to find.

Or, in this postmodern world, even computer programs are largely what people perceive them to be, and those perceptions change.

— Evolve or Die, by arthur, Emergent Chaos, August 29, 2007 at 7:47 AM
For example, Jeff Pulver perceives Facebook's video messages as videophone. How long before somebody perceives it as a phishing method? Where there's humans there's humint.
-jsq