Even more dangerous, mobile devices using applications for healthcare and payments contain a lot of exploitable information, and many developers use obvious naming techniques in the code they write that make sensitive information easy to uncover. Paul believes that computer science education could be to blame for not teaching developers thoroughly about security. On the company level, most large organizations are pushed to have the fastest, first to market solution to each new advancement in technology, which influences them to set security concerns aside and/or to add it on later in order to release new applications or platforms.
Paul and Aaron agree that if security is an afterthought added onto the product, it’s way too easy to hack. Many products today have these basic flaws, and managers and developers should learn from their mistakes and learn to build in security from the beginning. Paul predicts that “in three years, binary-level analysis, especially on mobile platforms, is all anybody’s going to be talking about and thinking about in terms of solutions.”