|
|
|
|
|
|
by galaxyLogic
1939 days ago
|
|
|
Modules make it easier to understand software. Yet what is "security" but understandability? Modularity brings about understandability. And understandability brings security. Software threats arise from the fact that coders don't in fact fully understand everything the software is doing, how it makes it impossible or possible for hackers to gain unauthorized access. If we understood the software perfectly we could easily and quickly remove vulnerabilities from it. And if we understand its limitations we wouldn't let it run a commercial airline on auto-pilot. |
|
|
I prefer to think of security as the opposite of functionality: increasing functionality makes more things possible, increasing security makes fewer things possible.
I like this view because it forces us to acknowledge the tradeoff: the most functionality we can provide is a root shell with no passwords; the most security we can provide is an inert brick; we need to be specific about what functionality should be provided, what shouldn't, and design a system which sits between the two.
From this perspective, modularity can increase security by preventing one module from accessing/executing unexported parts of another module. Yet this implies that modularity also reduces functionality, for exactly the same reason. Again, we need to specify what should be exported, what shouldn't, and implement something between the two.