security/will-appear.md: mention learning

bagder · Jan 7, 2025 · 98a05d2 · 98a05d2
1 parent a786909
commit 98a05d2
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/security/will-appear.md b/security/will-appear.md
@@ -24,3 +24,15 @@ sure that parts of your audience will react badly.
 They will think that because you published a security vulnerability, your
 project has a bigger problem of insecurity. As if not all actively developed
 projects get these problems, either open or proprietary.
+
+## Learn
+
+Every security incident is a chance to learn. Mistakes are for learning. Why
+did this error slip through and cause this problem? What code pattern can we
+detect or prohibit to prevent this or similar mistakes to happen again?
+
+This is hard. In my experience, most security problems feel like one-offs and
+rare circmstances that happened because of strange changes and your own
+stupidity. Seeing patterns and adjusting ways of working to prevent future
+flaws is difficult work but should always be attempted, to make the most out
+of every CVE.