I hear two narratives on security:
1. Computer security is a permanent mess and perfect defense is impossible.
2. In the long run we can just solve computer security with formal methods.
Which is right? I'm real skeptical of the second, but is it theoretically possible? https://t.co/fBNo8dM8wG
— Wolf Tivy (@wolftivy) October 10, 2022
Formal methods are too difficult and time-consuming. They increase development time and cost by 1,000x to 10,000x (or more), so they can only be used for absolutely-must-work software, and even then usually only for the crucial parts of that software.
This will pretty much always be the case, so formal methods are not the solution we are looking for.