
hot take about the programming world 

We've known for at least a decade that memory safety vulnerabilities are *by far* the most common and destructive type of security vulnerability in software. That's not a hypothesis; we have data for this, and have had it for a long time - it's been true ever since parameterized queries nearly eliminated SQL injections. It's not in question.

The fact that, despite this overwhelming data for over a decade, and despite things like Rust existing, the programming community at large *still* hasn't broadly acknowledged that memory safety is a high-priority threat to software security that warrants a drop-everything response, raises some extremely uncomfortable questions about the competence and trustworthiness of the field as a whole.

It also draws some similarly uncomfortable parallels with the pandemic response by major governments.


hot take about the programming world 

@joepie91 so much of this is on business leadership. I once spent two years leading a team building a product in a memsafe modern lang, only for the business—within months of our successful product launch—to throw it all away & purchase a competitor’s business that we nearly had feature parity with, because they had an established customer base. That product had a 10yo codebase written in C, in which they’d written *their own (buggy) memory management layer*
