Ask Slashdot: How Are So Many Security Vulnerabilities Possible?

dryriver writes: It seems like not a day goes by on Slashdot and elsewhere on the intertubes that you don't read a story headline reading "Company_Name Product_Name Has Critical Vulnerability That Allows Hackers To Description_Of_Bad_Things_Vulnerability_Allows_To_Happen." A lot of it is big brand products as well. How, in the 21st century, is this possible, and with such frequency? Is software running on electronic hardware invariably open to hacking if someone just tries long and hard enough? Or are the product manufacturers simply careless or cutting corners in their product designs? If you create something that communicates with other things electronically, is there no way at all to ensure that the device is practically unhackable?

We aren't using Rust enough.

The problem is that we aren't using safe-by-design programming languages like Rust enough. If we used Rust more, then many types of bugs and security flaws wouldn't even be possible. As more and more software developers follow Mozilla's lead and start to use Rust to build their software systems, we will see many common types of security flaws vanish.

Re: We aren't using Rust enough.

[Zero__Kelvin]

You should avoid Rust and use my new language WD40, which gets rid of the biggest security problem in the industry: programmers who think there is a computer language that is a panacea.

Re:They don't know how to cost-effectively. Locksm

[l0n3s0m3phr34k]

"Does it compile? Then it ships!" per-quarter profit margins demand it!

Re: And 90% of the 90% are the biggest boys

[Cryacin]

Succinctly put:

People think agile is about "Getting shit done!".

It turns out to be "Getting shit, done!"