Ransomware and the age of insecurity

Software will lift us up, but always let us down. Make sure you are prepared.
Written by Steve Ranger, Global News Director

It will seem incredible to many that we are still discovering security holes in software that has been in use for decades. Most people might expect that, at least for the software used by hundreds of millions of people every day, faults should have been spotted and fixed by now.

But the chaos caused by the WannaCry ransomware this week shows how hard it is to secure even the most seasoned software, and that things can still go wrong on a grand scale.

For we live in a world of software that's all but impossible to secure, and this will always be the case.

That's because software is rarely conceived or written in isolation. Sometimes developers are building on old code written by others, or they have to connect it to other systems they neither architected nor built. Code is often written in a hurry by developers with every intention of going back to fix it later, but who never get the time. And business priorities change just as coding fashions change, whether that's the languages used or the way projects are managed.

Code of practice

Rather than seeking perfection, software development is more often a compromise. Consider a new office block on an odd-shaped site in the middle of a crowded city: it may have to be built on top of old sewers and underground railway lines, with the developer hoping that nothing nasty is going to start flooding the basement -- or, worse, that the foundations fail and the whole thing comes crashing down.

This is not to say that software companies should be let off the hook: the importance of robust code and secure software can only increase as it's used in everything from self-driving cars to medical equipment.

Ship now and fix it later is no longer an option -- 'move fast and break things' might be a cool hacker motto, but it's not for developers who are building critical systems that we rely on every day. We need to recognise the importance of building and maintaining secure software, and reward companies that make this a priority.

But we must also acknowledge that software will inevitably let us down on occasion. At the most basic level that means backing up systems and data, and being prepared for the worst. It also means we need a better understanding of the risks we face.

It's true that an unlikely chain of events allowed WannaCry to be so virulent, and there's plenty of finger-pointing going on. But there will be more perfect storms like this, and soon, so get ready.

ZDNet Monday Morning Opener

The Monday Morning Opener is our opening salvo for the week in tech. Since we run a global site, this editorial publishes on Monday at 8:00am AEST in Sydney, Australia, which is 6:00pm Eastern Time on Sunday in the US. It is written by a member of ZDNet's global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and the US.
