Hacker News new | past | comments | ask | show | jobs | submit login

That's joining the correctness/safety vs security argument.

Correctness/safety is to do what it's supposed to do.

Security is to do what it's supposed to do when there is an intelligent third party that is actively trying to prevent that.




To that, I would argue that security is (or should be) part of the spec; if it’s not secure, it’s not correct. Having it be a separate and lesser concern is how we end up tacking on security features as an afterthought.

To borrow from the kernel devs: Security requirements are just like any other requirements.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: