Ask HN: If security is so important, why do we make it so hard?
I think we can all agree that server security is important, and general security like protection from man-in-the-middle attacks.
So why do we make it so hard? Why hasn't anyone taken up the mantle to automate even the basics like securing common server setups? Like Let's Encrypt did for SSL certificates.
There are so many vectors that it's hard to get customers excited about paying significantly more to close just one security door (such as sloppy or uninformed server setup). Which doesn't mean this won't happen necessarily, just that I'm not counting on it happening soon.