It seems computer security is as hot a topic as ever. One of the ideas that constantly floats around is that systems will never be secure, that there will always be someone who is going to whistle nuclear launch codes magically with mystical jujus called zero days. To me that sounds like anti-vaxxer propaganda in a modern pandemic, like: if you get the vaccine and you are pregnant you will start to bleed and get cancer, like the cancer you get from wind generators. It's similar to communism.
It seems to me that many of these zero days will not be viable in some years' or decades' time, given the proper direction of engineering.
During our engineering careers we've seen that a few decades ago you could, if you wanted, for demo purposes write a hello world that was vulnerable to buffer overflows. But try that now with any modern tool… It simply is not there anymore. Modern software engineering has developed so much that in the latest languages and tech, having something vulnerable to buffer overflows is a thing of the past.
This ties into a recent Hacker News discussion about Rust in the kernel. Although it might not be plausible at the moment, the idea of using modern achievements of software engineering and somehow backporting them, or similar, is certainly not dead. The idea is alive in many operating systems aimed at security, like Qubes OS, Genode or similar.
The lack of incentives for the kernel to open up its management layer to rapid development or scripting-style iteration is what I feel is missing to drive progress in the right direction. Kernel development is slow and not incentivised much, except by the business needs of parties of interest that usually handle security quite well. For example, if you are a big company and you can afford kernel developers for your needs, these people are educated enough to secure it well.
But to bring the benefits of modern languages and resource managers in the style of Erlang and Go, I think the developer communities that develop the kernel would need to be bigger, and having rapid development there will be the key, in my opinion.
It seems to me that's exactly what the Genode, Qubes OS and Rust-in-kernel ideas try to do. But their communities are small and not much incentivised.