4 minutes ago, Bass wrote
@AndyC:
They aren't sitting with their hands in the air saying "you'll never have secure 3D". It's something that is actually, as evildictator said, mostly an implementation issue.
But security isn't something you can just "bolt on" to an existing API specification each and every time something new crops up. Much more thought needs to go into every aspect of the initial design to minimize the possibility. If you don't, sooner or later you end up with something that is pretty much "unfixable" without breaking every application that depends on it. You only have to look at how kludgy Session 0 isolation and UIPI are at trying to patch up the Win32 message queue's fundamental flaws to see where a poor initial design (from a security standpoint) leads.