That may be so now, but that doesn’t mean it’s impossible to change it. That the current default state for software is “likely insecure” reflects the fact that the market price for software security is lower than the cost of providing it.
Laws against software attacks raise the cost of performing such attacks, and therefore lower the incentives for people to ensure the software they use is secure. I think it would be worth a try to take that illegality away, and see if the market responds by coming up with ways to make software secure.
You can’t get really good physical security without expending huge amounts of resources: physical security doesn’t scale well. Software security is different in principle: If you get it right, it doesn’t matter how many resources an attacker can get to try and subvert your system over a data channel—they won’t succeed.