I don’t think that is true - the endgame of software security is very secure, at least at the code level. I.e. fully clean supply chain, no memory safety issues, maybe even formally provable code.

Right now we are in a very unstable place but it might not be permanent!

reply
As long as the costs (monetary and otherwise) of breaches are not (by and large) hitting shareholders and the C level, why would they pay for better security? And why would politicians depending on campaign contributions of tech companies force the mentioned groups to take on the full responsibility by regulating them?
reply
So full disclosure I am working on this but my thought is basically this:

* Make Rust (or similar memory safe language) drop-in replacements for C/C++ code

* the stick is Claude mythos and the like - scares CISOs, shareholders, etc. into urgency

* the carrot is - improve performance significantly where possible. Either through straight up better code OR through customizing hot paths for companies' specific use cases

So for companies running large workloads it could be economical in two ways

reply
I am not sure anything is scaring anyone into urgency as long as breaches are no great issue for the company (in contrast to their customers and/or affected third parties).

Also, more secure code might perform better; it might also perform worse. I am not sure the concepts are completely orthogonal, but there is at least no clear causality.

reply
That's an optimistic take I haven't heard before, love the idea a lot. Wake me up when we get there though...
reply
This end state isn’t guaranteed, to be clear; people need to go out and work on it.
reply