"Software assurance, the practice of designing and testing software to exclude vulnerabilities, has been apparently neglected completely by the Pentagon and the defense contractors that supply it with precision weapons, ISR, and command-and-control capabilities. With the famous Trustworthy Computing Memo written by Bill Gates, Microsoft embarked on a massive SA effort in 2002 when it became apparent that vulnerabilities in Windows and its applications represented an existential threat to its market. Software development was halted for a full year as every engineer was trained in the methods of code scanning and secure software design practices. While not perfect, that effort paid off eventually. A decade later, the latest versions of Windows are relatively good.
The Pentagon made a mistake common to many manufacturers. They assumed that because their systems were proprietary and distribution was controlled there would be no hacking, no vulnerabilities discovered, and no patch-management cycles to fix them. This is security by obscurity, an approach that always fails over time."
I couldn't say it better myself.
Before a bullet or weapon is used, it is tested and tested and tested over again.
Not so with software and code and networks... There are too many suppositions and there is so much neglected that you can't assume that they are safe, on the contrary.
This is why it is so interesting to build up cyberwar capabilities... because you know that they will work when battle arrives... But what Ukraine shows is that the real battles won't be with software and code but with soldiers, weapons and bullets... like holding on to an airport with a few guys with only guns and a few tanks.