The State Of Software Security In 2019

…And What To Do About It

The Good, The Bad, The Ugly and the Future…

My goal in this post is to skim my observations on the state of software design and development over the past year, and to try to find a meaningful way forward for myself for 2019. My perspective is limited by the fact that I have worked exclusively in client-side software security for the past 7.5 years. Still, I think there are broad trends visible even to me, and some clear signs about where we need to go as an industry.

I hope that this post is useful to a variety of security people: not just engineers, but also UX designers and researchers, project/product/program managers, people and business managers, and operations. In any case, all paths to success require the help of all those kinds of people. This post is even more of a link-fest than usual; I hope that’s useful.

The high-order bit in much of the below is complexity. Hardware, software, platforms, and ecosystems are often way too complex, and a whole lot of our security, privacy, and abuse problems stem from that.


The full work, by Chris Palmer, is available under the terms of the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.


