Why security is hard, and why it’s not going to get easier

Bruce Schneier summed it up well: the good guys have to secure all the doors and windows; the bad guys only have to find one. In a nutshell, that’s why security is hard. Real-world security has to deal with that problem all the time.
If you think of writing software as filling a feature space, sometimes you accidentally provide functionality that you didn’t intend to, while providing what you meant to. You meant to provide an exhaust port but you also created a vulnerability.
Continue reading “Why security is hard, and why it’s not going to get easier”