**Secure By Design Is Better Than Secure By Myth**

As a journalist in the field of information security, I've had my fair share of encounters with well-intentioned but misguided advice. We've all seen it - those pesky articles and blog posts that peddle "hacks" or "quick fixes" to supposedly make our lives easier, only to have us realize later on that they actually made things worse.

Bob Lord, a renowned expert in the field of information security, has been waging a war against these myths. He's been working tirelessly to debunk what he calls "hacklore," or the collection of misconceptions and mistakes that keep popping up in news stories and advice to users. In this episode of Security Weekly, Bob joins us to discuss how these myths come about, why they're so harmful, and most importantly, how we can build software that's truly secure by design.

But first, what exactly is hacklore? According to Bob, it's the result of a perfect storm of factors - misinformation, misconceptions, and a general lack of understanding about how security really works. It's easy to get caught up in the hype surrounding the latest "hacks" or "exploits," but more often than not, these so-called "solutions" are actually just band-aids on a deeper issue.

So, why is it that we keep falling for this bad advice? One reason, Bob suggests, is that people tend to focus on the symptoms rather than the root cause of the problem. We're more likely to see a headline that screams "Your password is vulnerable!" and immediately think, "Oh no, I need to change my password!" rather than taking a step back and asking ourselves, "Why did this vulnerability exist in the first place?"

This is where secure by design comes in - it's an approach that focuses on building software with security in mind from the very beginning. Rather than trying to patch things up after they've been broken, we can create systems that are inherently more secure and resilient.

But how do we make this happen? Bob points out that it requires a fundamental shift in our thinking - we need to move away from the idea of security as an afterthought and towards a more proactive approach. This means working closely with developers, testers, and other stakeholders to identify potential vulnerabilities early on and designing systems that are inherently secure.

Of course, this is easier said than done. There are many reasons why we don't always get it right - from lack of resources to outdated technology and, worst of all, simply not knowing what we're doing. Bob emphasizes the importance of education and training in this area, as well as a willingness to admit when we've made mistakes.

As Bob so eloquently puts it, "We need to stop relying on myths and start building software that's truly secure by design." It's a message that resonates deeply with me, and one that I hope will inspire our listeners to join the fight against hacklore.

For more information on this topic, be sure to check out Bob's latest articles and resources listed below:

Don't forget to tune in next time for more insightful discussions and expert analysis on the world of information security!

Visit https://www.securityweekly.com/asw for all the latest episodes!