Adam Shostack on Nostr: I know there's a long academic literature on the question of "do programmers make ...
I know there's a long academic literature on the question of "do programmers make similar mistakes." Has that work been extended to security? Do programmers make the same sorts of security mistakes when writing similar programs?
Published at 2025-12-08 00:12:12 UTC

Event JSON
{
  "id": "6b4ad2cf616dfa2f200257884d443e72cf61381d6f7d0a745b9d6ab939f5b446",
  "pubkey": "87b08bf48dd639cf2e6c33b46f98146b44f40e05a696274012a159463398437d",
  "created_at": 1765152732,
  "kind": 1,
  "tags": [
    [
      "proxy",
      "https://infosec.exchange/@adamshostack/115681049472976795",
      "web"
    ],
    [
      "proxy",
      "https://infosec.exchange/users/adamshostack/statuses/115681049472976795",
      "activitypub"
    ],
    [
      "L",
      "pink.momostr"
    ],
    [
      "l",
      "pink.momostr.activitypub:https://infosec.exchange/users/adamshostack/statuses/115681049472976795",
      "pink.momostr"
    ],
    [
      "-"
    ]
  ],
  "content": "I know there's a long academic literature on the question of \"do programmers make similar mistakes.\" Has that work been extended to security? Do programmers make the same sorts of security mistakes when writing similar programs?",
  "sig": "c6dc9be1666b4dc79077b1776ff268a4f1f78966a7982e186eed76df78c7a29e0bba9be88ba77c3bf7f7cdea56ac0d23beccc963c8536bb5bda8bd97cf8b3c60"
}