In all seriousness, wasn’t that always the case? Writing bad code is relatively cheap.
Ensuring code isn’t bad is the expensive part.
In all seriousness, wasn’t that always the case? Writing bad code is relatively cheap.
Ensuring code isn’t bad is the expensive part.
Sort of?
The definition of "bad" from a security PoV is rapidly expanding, in light of relatively new capabilities and increasingly cheap access to exploitable vulnerabilities.
I don't think the definition of "bad" is expanding. Rather the ability to detect and exploit "bad" is.
fair point. another way of putting it might be to say that, for all extant software, much more of it is "bad" than we realized even a month or two ago -- and the cost to create and maintain "good" software is increasing (even as the naive / surface-level / apparent cost is plummeting)
Same thing happened with the growth of the internet. There was a time when there was basically no consideration of buffer overflow.