Cyber threats have evolved over time. If the calculated risk of a particular threat decreases, then our list of top to-do items should reflect the changing landscape. Today @boblord argues that some old advice should be retired as #Hacklore.
https://podcast.firewallsdontstopdragons.com/2026/02/02/debunking-hacklore/
An excellent follow-up article from Bob to the #hacklore interview. I particularly like the focus on #SecureByDesign and questioning the need for bolt-on, aftermarket solutions to product failures.
https://medium.com/@boblord/why-hacklore-persists-and-how-we-replace-it-985ac1065a98
@FirewallDragons We used to do similar things. Look up "camber compensators" to see how we used to deal with design defects in cars. You needed to know the car design was defective, research a solution, pay for it, and install it at your own time and expense. It was literally a "bolt-on" safety mechanism.
We don't do that anymore in cars, and we need to apply that same common sense to software.
