Why Security Programming is Hard
I find software security alarming.
Here’s why I think it’s alarming: Google is supposed to employ some of the brightest software engineers in the world, and yet, almost nobody knew anything about security. My “hacking” credentials were probably the best on my team after I read a couple of books.
Breaking into software just isn’t part of most computer science curriculums.
I realize Google employs full security teams now, and they know their stuff, but most regular software engineers don’t. And if they don’t know it at Google, what does that say about the rest of the engineers in the field?
Even in web software, the number of things a programmer can overlook is alarming.
Keep this in mind when you’re using online services.
I just hope our banks and financial institutions employ hordes of security people.
I’d recommend you assume that nothing is secure, and use dual authentication schemes whenever possible.
And FYI, I use online shopping, banking, and bill-pay as much as anyone else. I just assume that if these things aren’t secured, we’re all screwed, so I don’t worry about it.