I don't think more than a tiny fraction of programmers are capable of writing secure software under such an approach; unix's reliance on unstructured interfaces means misunderstandings and "confused deputy" style attacks are inevitable. IMO our industry fetishizes performance to an absurd degree in proportion to how bad we are at correctness and basic security. I do think we're due a reboot (and to a certain extent we already have one in the (typed) functional programming revolution), but one that focuses on writing software that does what was intended, rather than obsessing over shaving pennies-worth of cycles off program runtimes.
> IMO our industry fetishizes performance to an absurd degree in proportion to how bad we are at correctness and basic security.
I completely disagree. Our industry (or at least parts of it) have absolutely no concern for performance or power consumption (electron is one of the main culprits here, but the issue existed with Java/swing before,and im sure it existed before that too). For the most part, our industry is just as bad at security though, you're right.
I disagree about correctnesd though - correctnesd isnt a binary thing, it's a scale. Some things matter more for correctness (it's ok if we miss an animation transition, it's not ok if we have bad rounding in our financial software). Overall we have a decent grasp of the severity of issues and in prioritising what to ensure is correct.
I think we need an increase in software refunds and lawsuits due to security exploits in cloud and IoT deployments for companies to start paying attention.
