Operating system security is the upper bound of your application security
Meet Pal. Pal is a senior developer working at PalBank. For the next 6 months, Pal will be responsible for leading the development of the bank’s web application client, which will be used daily by millions of customers.
Pal invests considerable effort into designing and implementing the most secure app reasonably achievable: tightly controlled and secure development, build and deployment pipelines, static code analysis, pen-testing by external parties, multi-factor authentication to access the app and encrypting data at rest. And the list goes on!
Pal’s the best, isn’t he? Unfortunately, while such efforts are essential, they are insufficient! And even if we assumed, for the sake of argument and humour, that the PalBank’s client web app is completely free of all known and unknown software vulnerabilities, the app’s security guarantees are bound to be threatened once consumers run it on their…