It takes time to implement features. Execs and managers don’t want to implement the wheel and developer time costs a lot more money than security vulns.
On the other hand, reinventing the wheel isn’t really great, either.
Part of the reason for bloat is the fact that frameworks and libraries became huge, a basic Spring Boot webserver is already gigantic.
> Part of the reason for bloat is the fact that frameworks and libraries became huge
Absolutely. What I find funny is that the inverse is kinda true, too. Tiny dependencies (as seen in the Javascript world) are also to blame. They’re so small, I’ve noticed some devs say “well it’s so small, what’s the harm of one more?”. Bloat by a thousand deps.
IMO, some things will require obligatory security checks. They will have to be legally binding too. Then businesses might be forced to care.
Without any consequences, nobody will care until something happens.
Removed by mod