by martinced
4904 days ago
I'm tired of the logical fallacy that consists in always saying: "Every software suffers from security issues". It is just plain wrong to reason like this. So let me ask something to the ones using the above fallacy: are all programs (say webservers) equal in the face of security? It's an easy question, right? And the answer is: "no, they're not all equal". So stop saying: "But Java had several DoS bugs affecting Tomcat in 2011 too, so we're not doing anything wrong here". And start coding (and documenting) to higher standards.

It is very valid to reason within constraints of reality. Like knowing that a car "which will never ever have an accident. ever" is a lie. We know that driving a car brings a risk of an accident. That is realism. Some turn that reality into dangerous behaviour. Saying things like "Statistics tell me I will have an accident no matter what. So I can just as well finish this bottle of whiskey before driving at 150 km/h home". You are making it sound as if the Rails developers follow that logic.
They don't. There simply is a certain realism that, no matter how much effort you put into security, there will be security issues. But nothing more. Or less.