> 3. Computer security for many systems is critically important yet very difficult, and attackers are everywhere.

I would offer that a lot of the attack surface came from the intersection of the Internet and shipping faster than testers could keep up. The Internet means a mistake's blast radius is no longer just limited to insider threats or downloading shady software onto your own machine; now every computer in the world is a potential threat. The shipping "faster than thinking" means years' worth of best practices about SQLi or CSRF or IDOR or or or get swept under the rug.

In some ways, this is the same as 2 in your list, and I guess some of 1 also, given that some frameworks and tools help that problem and some are "welp, good luck, don't screw up".