Cybersecurity is a constantly changing field. People have a lot of misconceptions about cybersecurity that I’d like to take a chance to clear up.
First of all, everything is vulnerable. Everything has a flaw. This isn’t by accident. This is by design. Flaws hide in benign-looking behaviors. You know how people always say not to use old software like Windows XP because it isn’t safe? XP’s code didn’t change between the last patch and today. But new flaws have been found. Everything has flaws.
And about the nature of those flaws. Some are very impressive discoveries of flaws in code or in SQL. But most of them are abuse of legitimate features or code. See, as long as there is a way to use a computer, there will be a way to abuse it. We will never develop code that is 100% secure, because code has to be inherently insecure to provide access to features. The difference is intent.
And about intent. Let’s say I have a program that gives me remote access to my Linux server. For me, it is a legitimate tool. Now let’s say I set that up on someone else’s computer without their knowledge. Well, now it is malware, not because of the code, but because of the intent. Intent is the defining factor in whether a program is legitimate or malicious.
One last thing. People say that security is a sliding scale of secure <<< >>> easy to use. That is not true. The best security features are EASIER to use than the alternatives. Because people always pick the easier option. So it HAS to be easier to get market share. If you think you have to sacrifice usability for security, you’re not solving the whole problem.
end rant.