Re: Bah!
>>Of course they'll need to be able to drive - I guess it will be years before self-driving cars become truly autonomous<<
Well, in future I'm going to ask anyone I give a lift to whether they can drive or not. 'Can't drive - you're out of luck, can't come in my car'.
>>You must be having a laugh now. The one thing we know is that bugs exist<<
No laugh at all. Yes, bugs exist - they can be exploited, but when we find an exploit, we patch to close that hole. That is reactive security.
I've already posted this link for someone else, but please go and read and digest and thoroughly understand the axiomatic approach to system design and programming:
https://www.cs.cmu.edu/~crary/819-f09/Hoare69.pdf
Proactive security says we put security into the system to begin with. We think about it and build systems accordingly.
What you are suggesting is to give up altogether and just resort to reactive security. Both approaches are needed.
Many attacks use well-known mechanisms - the main one is a typical C and low-level machine defect - allowing writes beyond the end of a buffer. This can also be used to subvert the stack. We can design machines where this is just not allowed and a whole large category of attacks goes away. Thus we should check that a process or data structure only reads and writes into the memory that it was allocated - bounds checking.
Most people who consider themselves software designers and programmers have a hard time understanding this. They think it is just the natural order of things. Well, it's not. In networked systems and systems with many interacting processes being in security a priori is essential, otherwise we are continuing to react to things.
So if computer people find this hard to understand - how can we expect end users to be this sophisticated? Although, it is often true that explaining such things is easier to someone with no knowledge than to those who think they have knowledge.
Software verification (against bugs and defects) is closely related to security. Having machines with bounds checking, and checks for other breaches benefits both software correctness and security.
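As an added illustration of the bounds-checking point above (example code, not the poster's), here is the C defect in its usual shape, a length-prefixed record copied into a fixed-size slot with the declared length trusted, beside a version that validates every write against the size the slot was allocated with. The record format, slot size and function names are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed record format for the example: one length byte followed by
 * that many payload bytes. The receiver keeps a 16-byte slot per record. */
#define SLOT_SIZE 16

/* The defect described in the post: the declared length is trusted, so a
 * record claiming more than SLOT_SIZE bytes writes past the end of `slot`
 * into whatever is adjacent (neighbouring data, saved return address). */
size_t copy_payload_unchecked(uint8_t slot[SLOT_SIZE], const uint8_t *rec, size_t rec_len) {
    (void)rec_len;            /* bytes actually received are never consulted */
    size_t n = rec[0];
    memcpy(slot, rec + 1, n); /* no comparison against SLOT_SIZE */
    return n;
}

/* Bounds-checked form: the write is validated against the slot's allocated
 * size and the read against the bytes actually present in the record.
 * Returns the number of bytes stored, or -1 if the record is refused. */
long copy_payload_checked(uint8_t slot[SLOT_SIZE], const uint8_t *rec, size_t rec_len) {
    if (rec == NULL || rec_len < 1) return -1;
    size_t n = rec[0];
    if (n > SLOT_SIZE) return -1;     /* would write beyond the allocation */
    if (n > rec_len - 1) return -1;   /* would read beyond the record */
    memcpy(slot, rec + 1, n);
    return (long)n;
}

/* Constructed sample: a record declaring 24 payload bytes for a 16-byte slot.
 * The checked copy refuses it; the unchecked one would spill 8 bytes. */
long demo_oversized_record(void) {
    uint8_t slot[SLOT_SIZE];
    uint8_t rec[1 + 24];
    rec[0] = 24;
    memset(rec + 1, 'A', 24);
    return copy_payload_checked(slot, rec, sizeof rec);
}

/* Constructed sample: a record whose declared length exceeds what arrived. */
long demo_truncated_record(void) {
    uint8_t slot[SLOT_SIZE];
    uint8_t rec[4] = { 10, 1, 2, 3 };
    return copy_payload_checked(slot, rec, sizeof rec);
}

/* Constructed sample: a well-formed 5-byte record, accepted as 5. */
long demo_wellformed_record(void) {
    uint8_t slot[SLOT_SIZE];
    uint8_t rec[1 + 5] = { 5, 'h', 'e', 'l', 'l', 'o' };
    return copy_payload_checked(slot, rec, sizeof rec);
}
```

The checked version is what a hardware or language-level bounds check enforces for every access automatically; written by hand it has to be repeated at each copy, which is exactly why the post argues for building it into the machine.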