>How did we get to the point where this is acceptable?
IMO, bad actors.
40 years ago we didn't need much in the name of cyber security, restrictions, controls, etc. You most likely personally knew the vast majority of other people that had any kind of access to your systems, or that you exchanged any kind of electronic data with.
As the aperture of users and developers has opened, risks have increased. There is probably some analogy here similar to how the value of network increases exponentially with the number of connected devices, the risk factor increases exponentially with the number of users and potential software developers for an ecosystem.
Exactly. Even major “trusted” third parties like Adobe can’t actually be trusted to keep their fingers out of parts of the system they have no business poking around in. Time and time again it’s been proven prudent to treat third party devs as hostile parties by default, with trust being hard-earned.
IMO, bad actors.
40 years ago we didn't need much in the name of cyber security, restrictions, controls, etc. You most likely personally knew the vast majority of other people that had any kind of access to your systems, or that you exchanged any kind of electronic data with.
As the aperture of users and developers has opened, risks have increased. There is probably some analogy here similar to how the value of network increases exponentially with the number of connected devices, the risk factor increases exponentially with the number of users and potential software developers for an ecosystem.