Cybersecurity and Simondon's Concretization Theory: Making Software More Like a Living Organism

The cybersecurity crisis has destabilized the field of informatics and called many of its foundational beliefs into question. This paper argues that Gilbert Simondon’s theory of the origin and development of technical objects helps us identify faulty theoretical assumptions within computer science and cybersecurity. In particular, Simondon’s view is that the process of the ‘individuation’ of technical objects can have similarities with the development of living beings – a view that stands in stark contrast with hylomorphic and reductionist views of technical objects currently common in computer science. We argue that those common hylomorphic approaches to software development lead to excessive modularity in software applications, which in turn results in less secure systems. To investigate a new ontological basis of software security, we look to Simondon’s ontology to reconsider what makes a piece of software vulnerable in the first place, and we focus on two concepts in his general theory of ontogenesis – ‘individuation’ and ‘associated milieu’. By examining a case study of a malware infection attack, we show that the event of a cyberattack unleashes a ‘co-concretization’ process of software applications and their associated milieu, namely, their operating system. Both the application and the operating system evolve from an abstract form to a more concrete form by re-inventing their own interiors and re-orienting their relationship to each other. We argue that software development will be more secure if it takes inspiration from the development of living beings and refocuses on the dynamic reciprocal relationship between software applications and their technical and social environment.