CERTs, Security Patches And Sloppy Design | Forbes

One of the problems that plagues us today is the mad rush to move code to production as fast as possible. The result is often that security is an afterthought. In some cases security is not even thought of at all. This was evident with the messaging app “Yo”, which demonstrated a complete lack of security that led to their site being compromised last week.

With these security problems comes the patch-everything mentality. Case in point: the firewall. Firewalls were developed to protect systems that were not robust enough to stand on their own merits in the wilds of the Internet. Spafford then points out that soon people discovered that firewalls were not a panacea. They could not stop everything. Soon followed the advent of antivirus software to patch the exposures for systems that could not be mitigated by firewalls. You see how this is starting to unfold? We have a predisposition to patch things as opposed to taking the time to invest in addressing long-term issues. Less time needs to be spent on temporary measures.