As developers, the last couple of years have been forcing on us a strong focus on Security.
This is not by choice, but because the raising reliance on distributed applications has also brought an incentives for cyberthreats/cybercriminals in breaking existing systems.
Most of the systems are not perfect.
The fact being that the distance from perfection moves asymptotically with costs: you have to draw the line somewhere.
As of old this "somewhere" was pretty much the same as the shipping line: implement it, put it on a CD, ship it to the customer: Done.
We can no longer afford this in most of the cases, and that means that there are costs that we used not to factor in an application implementation, together with the risks.
Microservices and fancy frontends, beside their upsides, present a huge attack surface, and while I believe the industry has mature solutions for securing the backends such as API and data, the frontend is still living a dangerous time where there is still a lot of experimentation and a dangerous variety of creative approaches.
Complexity is still an enemy of Security, and when we're at solving complex problems, that's something we need to deal with.
But sometimes we bring in complexity for the sake of it: long term this might cost you much more than you think, if you're not careful:
Top comments (0)