Premature optimization is the enemy of security

We read continually about new buffer overflows in tools that allow ‘bad guys’ to take over various systems. This week the unfortunate program was Avast AV. The bit that always surprises me is these issues are still occurring in code written relatively recently, we’ve known how to fix all these issues for many years, yet people keep writing code that has these defects. I’d argue that the main cause of this is premature optimization and ignorance.