Why Bloat Is Still Software’s Biggest Vulnerability

mfigueiredo@lemmy.world to Programming@programming.dev – 62 points –
Why Bloat Is Still Software’s Biggest Vulnerability
spectrum.ieee.org
5

You are viewing a single comment

It takes time to implement features. Execs and managers don't want to implement the wheel and developer time costs a lot more money than security vulns.

On the other hand, reinventing the wheel isn't really great, either.

Part of the reason for bloat is the fact that frameworks and libraries became huge, a basic Spring Boot webserver is already gigantic.

@agressivelyPassive

> Part of the reason for bloat is the fact that frameworks and libraries became huge

Absolutely. What I find funny is that the inverse is kinda true, too. Tiny dependencies (as seen in the Javascript world) are also to blame. They’re so small, I’ve noticed some devs say “well it’s so small, what’s the harm of one more?”. Bloat by a thousand deps.

@programming

IMO, some things will require obligatory security checks. They will have to be legally binding too. Then businesses might be forced to care.

Without any consequences, nobody will care until something happens.

CC BY-NC-SA 4.0