Why is proprietary #software so bad and full of #vulnerabilities?

The sales department probably doesn't know any better and only has its commission in mind and just sells the software, that's their job. I'm not so sure about the management, whether they are clueless or just think that no matter how bad the software is, we can earn even more money with support contracts. There are certainly a few clueless developers who are kept so busy that they barely manage to complete their tasks but have no time for quality assurance. However, a large part of the developers will realize what is being played and then either change jobs after 2 years if it becomes unbearable or try to justify the quality of the software according to the motto it is a feature and not a bug. Ultimately, the only option left to cybersecurity is to secure vulnerable software with supposedly better security software. Bugs are not fixed unless public pressure is so strong that it is unavoidable and with one fixed bug, three new ones are installed. The supposedly secure security software all too often turns out to be snake oil, which only brings further security risks, which then have to be secured by further security software and you find yourself in a never-ending cascade, which becomes ever more dangerous and expensive but brings no security gain. There is even a technical term for this, called security theater. At the end of the day, all the management wants to say in its press release is that the hackers were diabolical criminals and probably had state support, but that the company had done everything it could to defend itself with the latest security software. The starting position is therefore clear. There is money to be made from security vulnerabilities and proper security means a lot of work. Economic considerations are therefore made here, according to which quality assurance can be saved because the customer can find and report the errors after all.

I'm pretty sure I'm not the smartest or the best developer, but I've figured it out and I'm always surprised that I often meet colleagues who are very confident about cybersecurity in the company because there is security training every year. I don't see any possibility of developing secure software at all under capitalism because profit is always valued higher than security.

#developer #management #economy #capitalism #profit #finance #security #cybersecurity #bug #fail #system #problem #hack #hacker #malware