Comment by idle_zealot
5 days ago
> I've moved toward viewing security and quality as sufficiently overlapping that they can be treated as a single area.
Quality implies knowledge, understanding, and the willingness to use them. Security is the same, but for the narrowed domain of security best-practices and common vulnerabilities. It's possible for something superficially high-quality to be insecure, but that implies that whoever made it either has extremely lopsided experience, or left the vulnerabilities in intentionally or knowingly. Of course, security is a particularly tricky domain, so even a fairly talented and good-intentioned developer is likely to make some missteps. Those missteps, I'd say, qualify as lapses in quality. I'd be damned surprised, on the other hand, to find that something low-quality is secure, and would assume that any such security is the product of a happy accident or sheer simplicity of the software, and is more likely than not to be lost as it grows and changes.
This reminds me of Notepad.
You mean in the sense that it was secure by virtue of being extremely simple, and lost that security because it grew in complexity without growing in quality?