The discipline of software engineering is young. Although Lady Ada got us started in 1842 – 1843, it was not until the 1940s that people began programming computers in earnest, and it was not until the 1970s that we got any designs worth keeping (Unix, VMS, C, TCP/IP, Alto; Lisp, from 1958, is an exception). Although we do not yet know very much about how to make software, we do know a few things that are likely to guide us into the future.
“C programmers know the cost of everything and the value of nothing.” (unknown) “Lisp programmers know the value of everything and the cost of nothing.” (Alan Perlis) However, “We should forget about small efficiencies, say about 97% of the time: premature optimization is the root of all evil.” (Donald Knuth)
Problem Exists Between Keyboard And Chair (PEBKAC). Although novice engineers believe this dictum applies to users, experienced engineers know that it applies to engineers. This is because “There are two ways of constructing a software design; one way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult.” (C. A. R. Hoare) “A specification that cannot be fit on one 8.5 x 11 inch piece of paper cannot be understood.” (Mark Ardis)
Software security is a process, not a product (Bruce Schneier), but that is true of software generally. Attempts to freeze software in time and make it into a finished product become less and less viable as time passes.