The Internet has serious security problems that need to be fixed. Despite many calls to action over the years for the industry to band together and work on solutions, progress has been mild. What\u2019s needed isn\u2019t necessarily more security technology. What\u2019s needed are better tools for developers so that they can improve the security of their code.In his keynote at Black Hat in Las Vegas, Dan Kaminsky, chief scientist and co-founder of White Ops, advocated for environments and coding frameworks that make it easier for developers to implement security without compromising usability or stifling creativity. His keynote, \u201cThe Hidden Architecture of Our Time: Why This Internet Worked, How We Could Lose It, and the Role Hackers Play,\u201d called on the security industry to think about how new programming environments could have basic functionality and security features built in and turned on by default.\u201cI worry about the ability of developers to innovate without being smothered by security concerns,\u201d Kaminsky told attendees.I caught up with Kaminsky after the keynote to discuss what developers need to continue innovating and developing. During his speech, he said, \u201cWe have to figure out what people want to do and help them to do it safely.\u201d In our discussion, he explained how that meant looking at programming languages, working with containers such as Docker, and sharing code.There is so much innovation and so much technology now that \u201ceveryday developers can do massive things,\u201d Kaminsky told me. \u201cIf they don't have a way to build these technologies securely, all of [developers\u2019] thought is going to leave 'How do we build what users want' and go to 'How do we survive the real world.' It's a drain on people's thought.\u201dThe answer isn\u2019t more standards or theory, but \u201creal-world experimentation,\u201d Kaminsky says. \u201cNo more \u2018If you really care about security, program in this language.\u2019\u201dIt\u2019s one thing to create new tools -- say, programming languages like Rust that stamp out a whole class of vulnerabilities by enforcing memory safety-- but it\u2019s another to see how developers use it. If they aren\u2019t able to do what they need to accomplish with the new tool, they'll figure out a workaround.For example, it\u2019s easy to say stop coding in C because of the chances of introducing memory-related vulnerabilities. However, if the developer needs to embed code, then Python as the \u201csafer\u201d language is not an option. It has to be C. By looking at actual use cases, at how developers are working, we learn about these roadblocks and can start figuring out solutions to address them.\u201cI am not a fan of obtuse, difficult-to-use, theoretically correct but operationally difficult solutions only considerable because they are mathematically correct,\u201d Kaminsky said during his speech. There needs to be people focusing on operational questions to figure out how things really work and come up with practical answers.\u201cWe didn\u2019t stop our cities from burning by making fire illegal or heal the ill by making sickness a crime. We actually studied the problems and learned to deliver safety,\u201d Kaminsky said in his speech. "If we want to make security better, give people environments that are easy to work with and still secure.\u201dDevelopers in organizations are fixing bugs in their applications every day, but because they are not releasing the fixes, everyone else encountering the same bug has to fix it themselves. It\u2019s common developer practice to search Google or poke around GitHub for code samples to common programming problems. Right now, there\u2019s no way to tell if something is done well or if it\u2019s poorly written. The best way to make sure everyone gets the best fixes is to publish the code so that it's available to all.\u201cManagers, you should be letting your engineers share solutions to many of your internal security problems. You\u2019re solving them anyway,\u201d Kaminsky said during his speech. \u201cSomeday, someone\u2019s going to have your problem again.\u201dIf that fix is the first result for a Google search, then more people will use the better code rather than a broken hack they found elsewhere.\u201cThere are a million reasons why technology doesn\u2019t work outside of security. What matters is, it doesn\u2019t work. So the game really is, let\u2019s figure out, what really does,\u201d Kaminsky told me.