Why Bloat Is Still Software’s Biggest Vulnerability - eviltoast
  • MadhuGururajan@programming.dev
    11
    ·
    9 months ago

    It takes time to implement features. Execs and managers don’t want to implement the wheel and developer time costs a lot more money than security vulns.

    • AggressivelyPassive@feddit.de
      6
      ·
      9 months ago

      On the other hand, reinventing the wheel isn’t really great, either.

      Part of the reason for bloat is the fact that frameworks and libraries became huge; a basic Spring Boot webserver is already gigantic.

      • Oliver Lowe@hachyderm.io
        7
        ·
        9 months ago

        @agressivelyPassive

        > Part of the reason for bloat is the fact that frameworks and libraries became huge

        Absolutely. What I find funny is that the inverse is kinda true, too. Tiny dependencies (as seen in the JavaScript world) are also to blame. They’re so small, I’ve noticed some devs say “well, it’s so small, what’s the harm of one more?”. Bloat by a thousand deps.

        @programming

    • onlinepersona@programming.dev
      2
      ·
      9 months ago

      IMO, some things will require obligatory security checks. They will have to be legally binding too. Then businesses might be forced to care.

      Without any consequences, nobody will care until something happens.

      CC BY-NC-SA 4.0