Wednesday, December 09, 2020

Cybersecurity: Seeking complex solutions to simple problems

I recently saw the movie "The Boy Who Harnessed The Wind" on Netflix. It made me think that solutions to complex or even existential problems could be very simple. Some of us in the cybersecurity field are quite the opposite. We tend to view cybersecurity strictly from a technology viewpoint, ever searching for complex solutions and complex procedures for simple problems.

Take, for example, migration to the cloud. Before I took up an in-depth study of a cloud platform, I was led to think of the cloud as something very complex, requiring very specialized skill sets. Frustrated with this mindset, I decided to take on the study of Amazon Web Services (AWS) Solutions Architect. As I went through the course, I found that working in the cloud was simpler than working in on-premises environments. A few clicks and you can have web servers and applications running. I remember spending days building web servers and making applications run on a bare-bones box that IT would hand over to me. Perhaps that hands-on experience made it easy to understand the cloud. That hands-on experience taught me the fundamentals and a tendency to seek simplicity even in the most complex situations.

Many of the vulnerabilities listed in the OWASP Top 10 have been there for many years, for example injection flaws or cross-site scripting. One possible explanation could be that, rather than addressing the root cause, most security professionals and developers tend to focus on complex coding approaches. I have designed applications at the user-interaction level and the backend-processing level, focusing primarily on eliminating the root cause. And that has worked. Once you address or eliminate the root cause, complex coding would simply be decoration that would enhance the robustness of the application.