> There is sparsely little real “engineering” that goes on in the field of “software engineering”, industry wide
There surely is actual engineering, but it's scattered unevenly across companies. It's funny that CrowdStrike did fuzz their code but didn't even check for correct arity. I think that the cybersecurity industry isn't as strong an adopter of sophisticated engineering techniques as, for instance, web development, where new testing techniques evolve every few years.
I really don't think that's true. All software is undertested, and it's likely that there isn't a significant difference between web apps and security apps.
Having said that, writing ring 0 drivers in an unsafe language sounds like an invitation to disaster. That's what went wrong with CrowdStrike. You don't need any testing to avoid crashing the OS when given a bad virus definition file. (Making the virus definition file do something useful... sure, you're gonna need tests for that.)