Reply to post: "one had to understand the hardware to get the best out of it."

Rubbish software security patches responsible for a quarter of zero-days last year

Mike 137 Silver badge

"one had to understand the hardware to get the best out of it."

One still does have to understand the hardware to get the best out of it. Otherwise you'll just get the minimum out of it compared with what's possible. The problem is that this has been largely forgotten in the race to beat competitors' products 'out the door'.

Software is, always has been and always will be, no more than a way of generating the signals that control hardware. The majority of vulnerabilities at the 'metal level' originate in failure to take account of the physical nature of the hardware, but that's hardly taught these days - not at all in commercial development or even security practitioner training. Indeed when I included a reference to Boolean algebra in the content of a security practitioner training course I was told by the approving body to take it out because the candidates wouldn't know what that meant.

Sadly, the only really informed folks in the software domain to this level of detail appear now to be those who write and those who independently discover the vulnerabilities.

However the problem could be reduced hugely by the simple expedient of proper testing. By proper I mean testing exhaustively for what should not happen as well as what should.
