Signal creator Moxie Marlinspike says that the security community should look to restore the sense of “magic” in product development.
Speaking at the 2024 Black Hat USA conference, the industry vet told attendees that with more layers of abstraction and a lack of transparency, developing new and innovative techniques is becoming more difficult than ever.
[For up-to-the-minute Black Hat USA coverage by SC Media, Security Weekly and CyberRisk TV visit our spotlight Black Hat USA 2024 coverage page.]
“When I was a kid and discovered software, magic existed. The only thing you needed was a computer and it didn’t have to be a good one,” he mused.
“I feel like this magic has been diminishing over time.”
The Signal founder explained that as development has become more complex with various components of a project divided amongst teams, those building the software simply don’t have the knowledge or insight needed to develop innovative solutions to problems.
“Again and again we see a deep understanding of tools and technology are what delivers a surprising result,” Marlinspike said.
“When you have teams that are treated like black boxes it can be hard to have the insights needed.”
The security icon would go on to single out the security professionals at the Black Hat conference as one possible solution to this issue. Noting that many security professionals and administrators will have a deeper understanding of products and protocols than the development teams charged with fixing problems.
“You have been sitting in the library understanding how it works,” he told attendees.
“Think about ways that what you understand can be applied to the problems you completely aware of. The only secret is to begin”
Marlinspike, who founded Signal as a one-man operation called RedPhone, conceded that with modern applications, it can be impractical for an individual developer to fully build and maintain a project, especially at scale.
“In many ways I think software development has gotten more diff over time,” Marlinspike said in a conversation with Black Hat founder Jeff Moss.
“It used to be you only had to write one version of your software, now you have to write three, and that is not a sustainable thing for one person.”
[For up-to-the-minute Black Hat USA coverage by SC Media, Security Weekly and CyberRisk TV visit our spotlight Black Hat USA 2024 coverage page.]
