Security is hard — Part the millionth



Even with the best of intentions, your software is likely to have holes in it. This may not even be your fault; the software you rely on may have holes in it. However, in many (most?) cases, you find that

  • You probably have poor security practices. (Remember Filippo and his NAS?)
  • In quite a few cases, you’ll have bad security practices (“I’ll roll my own crypto!”)
  • Let’s not get started with the no security practices crowd (how much stuff out there has admin/admin as the default? Especially “security” cameras?)
  • And, of course, there is the misplaced security crowd (complex access control to the software, but no restriction on the backups in S3)
  • Or, heck, necessary lack of security (ad-tech that “phones home” with information)

With all the above, it would be miraculous to get everything right…

/via http://www.commitstrip.com/en/2017/06/19/security-too-expensive-try-a-hack/