Why The InfoSec Discourse Is Entirely Composed Of Fallacies?
The deepest root of all the misunderstandings that constitute the InfoSec discourse nowadays is that the normal people («security experts» included) do not understand what is software, and its fundamental difference from the physical world we live in.
The entire realm of software is purely artificial.Not only programs and functions, not only bugs and security holes, but also all the notions and intentions, all phenomena in the realm of software, even those perceived as «natural», are created by a man.
There are no natural laws that a program must follow and obey. While your computer does follow all the laws of physics, your programs do not at all. This very distinction makes a computer useful for us. The purpose and the only purpose of your computer's existence is to create a virtual TABULA RASA world, the world devoid of any laws, the world completely disconnected from the physical reality, the world that you are supposed to populate with laws of your own creation.
In other words, a computer can produce any output from any input — this is the definition and the characteristic property of a computer. This is what they always forget, and I stress ALWAYS.
REMEMBER THAT! If you want to improve your «safety», «cyber security», whatever. Every time you assume any expectation to a program of someone else's creation. Remember that! Every time you are disappointed: I gave this stupid machine a perfect input! Remember what a computer is: a machine that produces any output from any input — no restrictions at all. If you remember it well, first you will stop acting surprised when you wonder into a trap, second you will become more challenging prey, third you will stop believing InfoSec selling stories.