Software security lessons from someone who has spent a number of years cleaning a toilet used primarily by a small child:

1) end users cannot be trusted to provide input in the way you expect; they will continue to surprise you
2) end user input will make its way to places you thought impossible
3) end user input ultimately will need to be sanitised multiple times

@SecureOwl And in cases like yours, the end user too will need to be sanitised.
@SecureOwl Amen.
Maybe an extra:
- End user perception of the needed skills and proficiency in delivering inputs is only present after said skills are present. Failures are always attributed to infrastructure or technology as a consequence.

@SecureOwl Many years ago, I briefly tried a stint of programming as a fallback career (fixing the American healthcare system is better for my blood pressure, really).

At one point I remember ranting to my boss that our beta testers were among the least competent people I have ever met. I started to ask how these people turn on their computers without burning down their own homes... and it finally hit me. My boss was a genius:

You can't fool-proof software without testing it on fools.

@SecureOwl @memory One common way to avoid this is to put off having end users indefinitely.
@SecureOwl Sometimes that makes me fear, but after many seconds I realize it is real.