
"But is it productive for us to declare everything unsafe and somewhat give up believing we can build and use safe platforms?"

There's the problem: we. We might be able to do it with time and money. Most startups, publicly-traded companies, regular companies, government groups (esp w/ legacy systems), and IOT makers aiming for max cost-cutting won't do it. Most don't know how but won't make the sacrifices even if they learn. Their incentives plus demand-side tell them not to. So, no reason to think they'll do it any time soon past marginal improvements for public relations.

What can happen is people forming organizations ideologically and/or by charter committed to putting quality/security over highest-margins in their products or services. Look up Praxis Correct-by-Construction for an example who charges 50% premium for software they warranty for quality. Secure64 sells DNS with ultra-hardened OS. GENU builds on OpenBSD. Green Hills has INTEGRITY-178B. OK Labs (now GD) put microvisor in a billion phones. There's some others but really niche and still successful where well-marketed.

We could see more of that. Only problem is they fight an uphill battle since they're expected to include a pile of insecure features and protocols in lots of products. And, despite maximum quality, at same price or cheaper than competition! What could go wrong in such an IT market?!


