by donatj 1245 days ago
> Wouldn't it be more sensible to learn how to design security systems that are hack-proof than to learn how to identify security systems that are dumb?

That’s like saying “Why don’t they just design locks that are unpickable?”

They’ve been working on that, for a while. But you need to know what you’re protecting against. Anyone who watches The Lock Picking Lawyer knows about the swaths of new locks vulnerable to comb attacks - a simple attack that had been solved for almost a hundred years but somehow major lock manufacturers forgot about.

You can’t build something safe without considering potential vulnerabilities; that’s just a frustratingly naive thing to say.

1 comments

To take the strongest form of the author’s argument, his point is that it’s not possible to take a pile of terrible code with no security, and fix all the problems in it. It’s better to architect it in a way that provides security (e.g. least privilege everywhere, sandbox, memory-safe languages, etc.).

I think the author could have phrased it better, in that the best approach is having a good security design, and then taking out all the bugs it couldn’t cover.