The "Good Enough" Lie in Engineering (www.andrewvittiglio.com)

🤖 AI Summary
The post opens with a forensic analysis of C2PA-signed photos from the Google Pixel 10. The author found inconsistent timestamps and metadata fields that can be altered without invalidating the signature, which undercuts the claim that C2PA provides an unforgeable chain of custody from “glass to glass.” Google’s reply to the resulting bug report, “logged for potential remediation in a future version,” is held up as the defensive “good enough” posture the post is about.

C2PA’s promise is substantial: metadata signed under X.509 certificate chains, nested manifests embedded in the container formats themselves, and a federated trust registry for signers. Each of those layers is also a place for implementation gaps, and once the core guarantees (authenticity and provenance) can be subverted, the system does more harm than good, because it gives consumers a false sense of security. The author is building developer tooling (Que) to close some of these gaps, but argues the problems are systemic rather than something a tool alone can fix.

Beyond C2PA, the post names a cultural rot: “perfect is the enemy of good” is being used to justify shipping systems that fail at their primary purpose, most damagingly in security-sensitive domains. The standard it proposes is not perfection but sufficient correctness: tradeoffs are tolerable everywhere except where they invalidate the core value proposition. For a security protocol like C2PA, that means fixing foundational flaws (the signing model, manifest embedding, trust-registry hygiene) rather than deflecting critiques. The takeaway: do not conflate a pragmatic release with an acceptable security failure; engineers should deliver on the trust guarantees they advertise rather than reach for comforting aphorisms.
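The mechanism behind the “changed without detection” finding is easiest to see in code. The block below is an added illustration, not the author's analysis, the C2PA reference implementation, or the Pixel's actual manifest format: a toy manifest binds a hash of the pixel payload plus whichever metadata keys the signer chose to assert, an HMAC over the assertions stands in for the X.509/COSE signature (an assumption made so the example runs on the standard library alone), and the sample asset, key and field names are all constructed. It shows that a field the signer left out of the assertions, such as a capture timestamp, can be rewritten and still verify cleanly, that binding every field makes the same edit fail, and that editing the manifest to launder the new value fails on the signature instead.

```python
import copy
import hashlib
import hmac
import json

# Assumption: a fixed symmetric key stands in for the device's X.509-backed
# signing key. The primitive is not the point; the signed scope is.
SIGNING_KEY = b"constructed-demo-key"


def canonical(obj) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_sample_asset() -> dict:
    """Constructed toy 'photo': a byte payload plus EXIF-like metadata."""
    return {
        "pixels": b"\x89PNG\r\n\x1a\nconstructed-sample-pixel-bytes",
        "metadata": {
            "capture_time": "2025-09-01T10:00:00Z",
            "device": "constructed-camera",
            "gps": "0.0,0.0",
        },
    }


def build_manifest(asset: dict, bound_keys) -> dict:
    """Sign a hash of the pixel payload plus only the metadata keys in bound_keys."""
    assertions = {
        "hash.data": sha256_hex(asset["pixels"]),
        "metadata": {k: asset["metadata"][k] for k in bound_keys},
    }
    sig = hmac.new(SIGNING_KEY, canonical(assertions), hashlib.sha256).hexdigest()
    return {"assertions": assertions, "signature": sig}


def verify(asset: dict, manifest: dict) -> list:
    """Return the problems found; an empty list means the asset matches its manifest."""
    expected = hmac.new(SIGNING_KEY, canonical(manifest["assertions"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["signature"]):
        # Assertions are untrusted once the signature fails, so stop here.
        return ["signature does not cover these assertions"]
    problems = []
    if manifest["assertions"]["hash.data"] != sha256_hex(asset["pixels"]):
        problems.append("pixel payload changed")
    for key, value in manifest["assertions"]["metadata"].items():
        if asset["metadata"].get(key) != value:
            problems.append(f"bound metadata field {key!r} changed")
    return problems


def unbound_fields(asset: dict, manifest: dict) -> set:
    """Metadata the verifier has no opinion about: anything here can be rewritten silently."""
    return set(asset["metadata"]) - set(manifest["assertions"]["metadata"])


def tamper(asset: dict, key: str, value: str) -> dict:
    """Return a copy with one metadata field rewritten; the manifest is left untouched."""
    edited = copy.deepcopy(asset)
    edited["metadata"][key] = value
    return edited


if __name__ == "__main__":
    original = make_sample_asset()
    weak = build_manifest(original, ["device"])                  # signer asserted only the device
    strong = build_manifest(original, sorted(original["metadata"]))
    backdated = tamper(original, "capture_time", "1999-01-01T00:00:00Z")
    print("weak manifest, backdated photo:", verify(backdated, weak))
    print("fields the weak manifest ignores:", unbound_fields(original, weak))
    print("strong manifest, backdated photo:", verify(backdated, strong))
```

The general point carries over to any real manifest: a verifier can only vouch for the bytes the signature covers, so the first question to ask of a provenance format is which assertions are present and what in the file sits outside them. A clean verification result says nothing about the fields in that outside set.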