It is very sad that we are ignoring the lessons we learned about security twenty years ago just because we want new toys. We spent so much time making sure that user input could not change how a program runs and now we are doing the exact opposite. The video is right that the problem is not a bug in the code but a flaw in how the whole system thinks. We are building a house on sand.
I don't think we did security 20 years ago, even if there were lessons.
Maybe the path was:
It felt like we made it somewhere into the 'built it fast' phase before getting yanked onto the next feature.
These days it feels more like:
I would love the Overton window to somehow shift back to topics like "how do we know the code is correct and addresses the right problem?" over "how many tickets or LOC did your agent do for you today?". I don't know how we get back.