1 hour ago · 7 min read1434 words · Tech · hide · 0 comments

In security we like to say that the problems live in the gaps between systems. Each system, on its own, is usually coherent. It has a threat model, invariants, and someone who owns it. The seam between two systems is owned by nobody, and each side quietly assumes the other is handling the thing that neither is. The load balancer assumes the backend validates. The parser assumes the canonicalizer normalized. The audit covers the software but not the network it runs on. Attackers don’t have to beat either component. They just have to find the assumption neither side wrote down. The attacker gets to pick the threat model, and they pick the one that lives in the seam. Once you see this pattern, you see it everywhere, and not just in security. Quality Lives in the Gaps of Ownership In software quality, the same topology produces a different failure class. Security gaps produce exploits. Ownership gaps produce jank. A user’s journey through a product is inherently horizontal. They sign up,…

No comments yet. Log in to reply on the Fediverse. Comments will appear here.