A Final Thought
If you learn only one thing from this book, it should be this:
There is simply no substitute for applications that employ secure defaults.
This means building secure, quality software that operates with least privilege, has multiple layers of defense, and has the smallest possible attack surface. You must build software this way because you cannot predict how future attacks will occur.
Do not rely on administrators applying security patches or turning off unused features. They will not do it, or they do not know they have to do it, or, often, they are so overworked that they have no time to do it. As for home users, they usually don't know how to apply patches or turn off features.
Ignore this advice if you want to stay in security-update hell.
Finally, you cannot abdicate the security of your product to anyone else. Long gone are the days when security was an art understood by a few; it is now part of everyone's job to deliver secure software. You can no longer stick your head in the sand.
Ignore this advice at your peril.