SineWave GP Pat Muoio’s article was featured in Security Magazine: "The curse of software vulnerabilities: Are we doomed?"
In the early days of computer security, researchers set out in search of the holy grail of perfect code. They sought formal methods to analyze code and assure that software was doing all and only what it was supposed to do. There would be no such thing as software vulnerabilities, and hacking would be a thing of science fiction. Significant advances were made along this quest, and the approach remains enticing as a theoretical possibility. But despite years of research and many dollars of investment, the approach remains impractical to this day. In addition, the code developers who must bear the cost of using these methods are often not the users who reap the benefits of less vulnerable code.
The economics of the software market do not favor investment in software assurance methods. So, are we doomed to vulnerable code and the dogged pursuit of finding and fixing vulnerabilities? Or should we aim for better, not perfect, and look for protections from our imperfect code elsewhere in the cybersecurity ecosystem?