Honestly I find it difficult to understand why people do not get the idea of why errors and low-quality software occur. All software development is an economic function. Every addition, a change comes with consequences, and thus, costs.
When we consider security, we need to think about all of the changes that go into a software product. In this, we must ask:
- Why isn’t quality assumed?
- Why isn’t security assumed?
- Why are these concepts thought of as add-ons to applications and services?Why do they need to be specified, when they should be taken for granted?
- Input validation
- Boundary conditions
- Encrypt data as necessary
- Principle of least privilege
- White lists are better than Black lists
It is simple economic theory. We are talking high-school level. If you
think about it for a moment, you will come to understand.
First, think of a few things in life outside IT. I will pose a few
questions and see if you can answer them:
- Are all cars of the same quality? Why do you pay more for a Lexus over a Hyundai?
- Do you have to take insurance on a trip?
Now some that are a little closer to home:
- Are all door locks of the same quality?
- Do all houses come with deadbolts and alarm systems?
- Do all cars have a LoJack installed?
- Do all windows on all houses have quality locks?
- Are all windows made of Lucite (which is childproof)?
The simple answer is that quality varies with cost. If you want more,
you pay more. This is honestly a simple exercise. Quality software
does exist. If you like, you can go to the old US Redbook standards and
have an “A”-class software verification. Except that that copy of
Windows 10 will now cost $10,000+.
In the past, I was contracted by gaming companies to complete code reviews and to test software for security. I would both verify the findings from static-analysis software used to test code, and review the code manually to gain a higher level of assurance. Even then, this is not perfect as modelling complex
interactions is more time consuming and error prone.
I would do around 190 to 220 lines of code an hour on a good day for a
language such as C. Less for Assembly. My rates were charged hourly. An
analysis of Windows would take over 50,000 man hours at this level. This
excludes the fixes. This excludes the add-ons.
How many million lines of code are in Bitcoin, how many are added and changed?
When we think of all the planned changes, the updates, the additions. The things that Core added to make BTC no longer Bitcoin (like SegWit), we start to see more and more room for error as developers “experiment” trying to make Bitcoin into something it is not nor can be.
Each change, each experiment to alter Bitcoin is a disaster waiting to happen. What is needed is simple; to lock the protocol and allow business to start to use Bitcoin for any purpose they are willing to pay miners for.
Bitcoin is not a system for social equality, it is cash.
You get what you pay for.