Building network automation solutions

9 module online course

Start now!

State of IT Security in 2021

Patrik Schindler sent me his views on code quality and resulting security nightmares after reading the Cisco SD-WAN SQL Injection saga. Enjoy!


I think we have a global problem with code quality. Both from a security perspective, and from a less problematic but still annoying bugs-everywhere perspective. I’m not sure if the issue is largely ignored, or we’ve given up on it (see also: Cloud Complexity Lies or Cisco ACI Complexity).

Instead on focusing to not create even more bugs, companies like VMware publish a new vCenter server with some old bugs fixed, some new introduced and a shiny new bling-bling web interface style. Apparently it’s cheaper to pay some icon designers than programmers.

I think, mankind at large is running towards a great catastrophe. Like stretched VLANs, it’s not about if the catastrophe will happen, but when. And maybe how bad the fallout will be.

“With great power comes great responsibility.” — Companies providing software which helps avoid civilization collapse because power stations work, water flows, food is produced, and money is shoveled around the globe have been incredibly lucky so far1. I feel it’s high time to stop depending on luck and start to divert money and time into solid software development processes, including testing, testing, testing. Everywhere.

That will take money, which is often currently spent to make shareholders happy, or on the next bigger Porsche car for the CEO, or silly amounts of bonus payments to managers for saving money — on the wrong things. Money from many to a few. Money which isn’t there to be spent on security expenses, training in best coding practices, etc.


  1. Ignoring Boeing 737 MAX or Therac-25. ↩︎

1 comments:

  1. During the covid times too many people change their job - the interview process is simple...and cost nothing as it is usually remote one...

    New job does not require to change even chairs...

    When your project lose 30-40% people and you need to hire new unexperienced guys... do not expect rise of the code quality...

    I believe it's is real problem nowdays...

Add comment
Sidebar