As someone who spends time programming, I of course find myself in conversations with people who aren’t as familiar with it. It doesn’t happen all the time, but these discussions can lead to people coming up with some pretty wild misconceptions about what programming is and what programmers do.
- I’m sure many of you have had similar experiences. So, I thought it would be interesting to ask.
… You know not all development is Internet connected right? I’m in embedded, so maybe it’s a bit of a siloed perspective, but most of our programs aren’t exposed to any realistic attack surfaces. Even with IoT stuff, it’s not like you need to harden your motor drivers or sensor drivers. The parts that are exposed to the network or other surfaces do need to be hardened, but I’d say 90+% of the people I’ve worked with have never had to worry about that.
Caveat on my own example, motor drivers should not allow self damaging behavior, but that’s more of setting API or internal limits as a normal part of software design to protect from mistakes, not attacks.
It’s fair to point out that not all development is Internet connected, but ~58% of developers work in web dev.
5% in desktop apps
3% in mobile
2.4% in embedded
And then of the remaining I’d be shocked if few of their domains excluded Internet facing devices.
https://survey.stackoverflow.co/2023/#section-developer-roles-developer-type
But you’re right to point out development isn’t a monolith. Professionally though: anyone working in a field where cybersecurity is a concern should be thinking about and knowledgeable of cybersec.
I didn’t realize just how siloed my perspective may be haha, I appreciate the statistics. I’ll agree that cyber security is a concern in general, and honestly everyone I know in industry has at least a moderate knowledge of basic cyber security concepts. Even in embedded, processes are evolving for safety critical code.