just brew it! wrote:I feel like almost nobody writes real code any more. Most applications are developed by duct taping a bunch of canned libraries together, with only a superficial understanding of what's really going on. While this typically results in quicker development turnaround, it also results in a horribly bloated product which has such a large potential attack surface (due to all the superfluous, poorly understood 3rd party code shipping with the application) that you can never have reasonable certainty that it is secure.
You're not wrong. Didn't you work in the Avionics world for a bit, too? I'm sure, especially coming from that background, that it looks
even worse.
I think the bigger problem is a combination between 1) not being given enough time to deeply understand all the libraries you need to use and 2) The documentation not necessarily existing. #1 usually applies far more often than #2, though, for the big ones that are F/L/OSS.
Gigabyte AB350M Gaming-3 | R7 1700X | 2x8 GB Corsair Vengeance DDR4-3200 (@DDR4-2933)| Samsung 960 Evo 1TB SSD | Gigabyte GTX1080 | Win 10 Pro x86-64