Will software security improve?

Software is wildly insecure. Basically all software can be hacked with varying degrees of sophistication. The cheaper the software / device, the easier it is to hack. Some devices ship without any real attention to security at all. C’est la vie.

Here’s the thing: do we care? Sort of. But mostly not. And that’s because, as Daniel Miessler recently pointed out, the benefits of software (insecure or not) far outweigh the costs. Here’s his helpful graphic summary:

Everyone would like, in theory, to have more secure software. But security costs talent, time, and therefore money. We don’t get secure software because we mostly don’t want to pay for it.

Will that change? Should that change? There’s a lot of talk around regulating cybersecurity, but if we’ve collectively decided we don’t need it then perhaps we don’t. We may see cybersecurity regulation focus on preventing black swan events like entire sections of the internet going down or people dying or elections being hacked. But perhaps that’s where the regulation should end. Software is amazing and cheap and, so far, no one dies. Success!