logoalt Hacker News

hnlmorgtoday at 6:55 AM2 repliesview on HN

Yes, I got their point. My point is that’s the opposite of reality.


Replies

UweSchmidttoday at 9:10 AM

Maybe it's time to take a closer look at reality and correct this meme, which might casually blur the issue and deflect responsibility?

Looking at the IT security landscape we see every layer, every product category if not every product itself riddled with issues at one point or another. At the same time the incentives to put those security issues in are huge, and we know attackers work systematic, creative and persistent to introduce those weak points.

Security is hard and many bugs certainly happen due to mistakes, but I wouldn't assume that all of those security mishaps stem from an endless series of blunders from "stupid" programmers.

So I would go with “Never attribute to ignorance that which is adequately explained by malice.”

show 1 reply
naruhodotoday at 8:37 AM

His point is that in security, the opposite applies. The supposed "incompetence" is just plausible deniability for a malicious act.

show 1 reply