• @[email protected]
    27 · 10 months ago

    Having spent too much time in OS security, I wish people building today’s products could realize and internalize just how their project is a house of cards built on top of a house of cards, security-speaking. We’ve normalized a seriously insane amount of sketchy shit, to the point that the critique of a modern product core to many Linux OS distributions was seen as just old people ranting … and the shady shit continued.

    One day we’re going to run into a series of deep-seated security exploits that will blow our minds and cause a Chernobyl of damage, and we may not even link it to a particular weak link among SO MANY weak links; but that’s what we’re looking at. And the fact that we’re ignoring common-sense, best-practice rules to develop core apps is leaving a hole in the proverbial fence that we’re ignoring as well.

    God help us.

    • @perviouslyiner
      8 · 10 months ago

      Saw in the news recently that it was possible to radio an exploit to semi trucks in a way that could spread every time two trucks pass each other (default passwords, natch), and it’s just utterly unsurprising.

    • @brygphilomena
      6 · 10 months ago

      Security teams have to get it right every time.

      Hackers only once.

    • @[email protected]
      3 · 10 months ago

      Having worked in product security, the biggest challenge we faced was upstream vulnerabilities in both closed and open source software. The biggest problem with FOSS is that its allure is the F part. No company wants to dedicate resources to patching vulnerabilities in software they don’t own, and no OSS developer wants to work for F500 companies for free.