Comment by hsbauauvhabzb

4 hours ago

Your analogy portrays gravity as a thing that buildings cannot be built to withstand. There are plenty of structurally sound buildings, and while there are plenty of secure apps, the problem is there’s no incentive to build the latter.

On the contrary.

My analogy would be: of course buildings have to be built to withstand gravity. That’s a natural part of the world that cannot be eliminated.

Buildings are built to stand up to natural forces. But not to, for example, the threat of a malicious actor crashing a plane into them. That isn’t typically considered a reasonable thing to architect civilian infrastructure for.

When you build IT infrastructure, likewise, you should build it to handle the natural forces it will be exposed to. But are you as accountable for securing it against the acts of malicious parties as a structural engineer is for securing a building against gravity, or as accountable for securing against those acts as the structural engineer is for securing that building against terrorists?