HOW CAN WE MAKE PROGRESS ON SECURITY?
"To this very day, idiot software managers measure ‘programmer productivity’ in terms of ‘lines of code produced,’ whereas the notion of ‘lines of code spent’ is much more appropriate.
Answer 1: Eliminating bugs
Answer 2: Eliminating code
Answer 3: Eliminating trusted code
Distraction 1: Chasing attackers
Distraction 2: Minimizing privilege
Distraction 3: Speed, speed, speed