But there is no such thing as a "software development license". Is that just naive wishful thinking?

It's normal wishful thinking.

I mean, do you think that the way to secure systems is layer after layer of pain-in-the-ass red tape and a heavily siloed organizational structure?

Basically, yes. Just look at them: https://informationisbeautiful.net/visualizations/worlds-big... - when Marriott Hotels leaks data, that's a shame, when the big and prominent tech companies can't stop it - LinkedIn, Google+, Twitter, Dell, Uber, Amazon, Sony - or the important Equifax, Healthcare.gov, NHS, IBM Health Net, that's damning.

Do you want to trust your data to "a more cooperative approach" where people can debate whether security is too much of a negative nancy drag to bother with? Do you think we're at a stage now where this is winding down and everything important is basically secure? I don't. I think we've only seen the beginning of all the data leaks and sold information and dormant vulnerabilities, and that most systems are only considered "secure" because nobody has tried to attack them.
Hey, I agree we're only at the beginning of very bad things for information security problems.

However, putting blame so heavily on the devs isn't constructive. They're subject to the same forces as the infosec people-- clueless corporate hierarchies and derpy project managers that blindly push through deliverables.

And yes, I DO want to trust my data to orgs that take a cooperative problem-solving approach where people genuinely want to do the right thing, are encouraged to do so, and aren't afraid to challenge ideas.

Sorry, but the info-sec "mall-cop" approach doesn't do this.