-
there can be a kind of despairing attitude to the problem of making secure software. but, even though there will always be new stuff popping up, I do think it is possible to do & I think we are transitioning to that world.
-
and, the despairing attitude is the reason we don't have it. and the fact that it has to be a collective shift across the whole ecosystem, because you can't solve the whole thing anew with each program you write.
-
was thinking about this with that "Trojan Source" thing (trojansource.codes/). which got two reactions:
- yes, OK, of course, we know this, this is how Unicode works, duh
- and text editors & source repos adding in highlighting and warnings to eliminate the threat in practice
-
if someone had pointed this out a decade ago (and I assume someone did), it feels like the response would've been "OK, but what can you do about it? it's impossible to stop". attitudes change.