Really…Again?

A new programming error has exposed data for over 180 million phone users. The problem is that developers of over 680 applications used an incorrect set of access codes to a backend text message provider. Of course, the provider says that they are not at fault, and the developers clearly say that they were following standard practices. So who is the loser here? You are.

Sure, eventually some of these apps will be fixed (most will not do a thing), but the security fiasco and half-hearted fix are symptoms of the real issue: App Security DOES NOT WORK! Application developers are hired to build functionality for users – not to protect data and fight against intruders. Hackers are hired to hack – that is it – get in, overcome whatever meager defenses are in place and wreak havoc. Is it any wonder that hacking is so successful?

Applications need to be devoted to users, better experiences and more features. Security needs to be distinct, separate and transparent to those applications. Security needs to adapt, proactively monitor and enable dedicated security experts to rapidly respond to attacks without disrupting users. Doesn’t this make more sense than hoping companies will stop working on what makes them money and have their security-novice developers overcome full-time, dedicated hacking teams?