I know I’m preaching to the choir, but this should be a delight for Qubes’ supporters to read:
From the top comment of Hacker News’ discussion of “SolarWinds hack was ‘largest and most sophisticated attack’ ever: MSFT president”
I’ve found my experience designing gearboxes for Boeing has applicability to software design. For example, the fundamental idea with airplane design is not to design components that cannot fail, as that is impossible. The idea is to design the system to be tolerant of failure. Every part in the system is not “how can we make this part never fail” but “assume it failed. How does the airplane survive?”
This is a fundamental shift in viewpoint.
It seems pretty well established that making secure software is impossible. Time to pivot to designing software systems that are tolerant of inevitable security breaches.
One example of this is compartmentalization. A single breach must not have access to all the sensitive data. Another is backups must be air gapped (or put on physically read-only media) so ransomware cannot compromise them.
Compartmentalization is used in battleship design, aircraft design, spy networks, etc. Time to use it in software systems design.
P.S. Just to be clear, one still strives to design airplane parts so they won’t fail, it’s just that one does not rely on them never failing.
P.P.S. It’s really really hard to sink a battleship as they are so compartmentalized. See the sinking of the Bismarck and the Yamato.
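The compartmentalization point in the quoted comment, as an added example that is not part of the original post or the HN comment: a secret store in the “before” design (one key for every record) next to one where each compartment holds its own independently generated key, with the same simulated breach run against both. The cipher is a toy HMAC-SHA256 counter-mode construction so the code runs with only the standard library (a real system would use an AEAD such as AES-GCM), and the compartment names and record contents are constructed sample data.

```python
"""Added example: compartmentalized secret storage, so that one breach does
not expose every record. Demonstration code, not from the post or from Qubes."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (toy cipher)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or tampering raises."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _keystream_xor(key, nonce, ct)


class MonolithicStore:
    """The 'before' design: one key, one trust domain, every record."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)
        self.records: dict[str, bytes] = {}

    def put(self, compartment: str, name: str, data: bytes) -> None:
        self.records[name] = seal(self._key, data)  # compartment label is ignored

    def keys_exposed_by_breach(self, compartment: str) -> list[bytes]:
        return [self._key]  # whichever component fell, it held the only key


class CompartmentalizedStore:
    """Each compartment gets its own independently generated key.

    In a Qubes-style deployment each compartment would be a separate VM
    holding only its own key; here they are separate dictionary entries.
    """

    def __init__(self, compartments: list[str]) -> None:
        self._keys = {c: secrets.token_bytes(32) for c in compartments}
        self.records: dict[str, bytes] = {}

    def put(self, compartment: str, name: str, data: bytes) -> None:
        self.records[name] = seal(self._keys[compartment], data)

    def keys_exposed_by_breach(self, compartment: str) -> list[bytes]:
        return [self._keys[compartment]]  # only this compartment's key leaks


def records_readable_after_breach(store, breached: str) -> set[str]:
    """Play the attacker: try every key obtained from the breach against
    every stored record and report the names that decrypt."""
    readable = set()
    for key in store.keys_exposed_by_breach(breached):
        for name, blob in store.records.items():
            try:
                unseal(key, blob)
                readable.add(name)
            except ValueError:
                pass
    return readable


# Constructed sample data: three compartments, two records each.
SAMPLE = {
    "email": {"inbox": b"mail archive", "contacts": b"address book"},
    "banking": {"statements": b"account statements", "token": b"otp seed"},
    "work": {"source": b"repo checkout", "vpn": b"vpn credentials"},
}


def demo() -> tuple[set[str], set[str]]:
    """Same breach (attacker owns 'email') against both designs."""
    mono, comp = MonolithicStore(), CompartmentalizedStore(list(SAMPLE))
    for compartment, items in SAMPLE.items():
        for name, data in items.items():
            mono.put(compartment, name, data)
            comp.put(compartment, name, data)
    return (records_readable_after_breach(mono, "email"),
            records_readable_after_breach(comp, "email"))


if __name__ == "__main__":
    mono_exposed, comp_exposed = demo()
    print("monolithic breach exposes:", sorted(mono_exposed))
    print("compartmentalized breach exposes:", sorted(comp_exposed))
```

The attacker model is deliberately generous: it assumes full read access to whatever key material the breached component held. That is exactly the assumption the comment argues for (“assume it failed”), and the separation only helps if the keys really live in separate trust domains, which is what a VM-per-compartment design provides and a dictionary in one process does not.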
Still no mention of Qubes in that thread, yet.