WebApp Sec mailing list archives
RE: Secure Coding? Bah!
From: "Taco Fleur" <tacofleur () nella net au>
Date: Fri, 23 Jan 2004 14:29:32 +1000
You are right in what you're saying: an application does not have to be 100% secure, nor can it be 100% secure as long as it's on the internet, but I think the point he is trying to make is that *they do not care*, as I have experienced a few times.

Taco Fleur
Blog http://www.tacofleur.com/index/blog/
Methodology http://www.tacofleur.com/index/methodology/
0421 851 786

Tell me and I will forget
Show me and I will remember
Teach me and I will learn

-----------------------------------------------

Personally, I work in industry, but while I'm not an "industry leader," I know that there are many businesses that take security seriously when it comes to creating software. I'll grant that we could have better tools to assess our progress, but one way we make more money is by providing a secure solution to our customers. That's our business, though. I've found similar concerns when dealing with IT in telecom, health, banking and brokerage firms. One solution they use is outsourcing or purchasing software that already has a focus on security.

As for academia, I don't think "matriculating Ph.D.s" is required since DePaul University and California State University both offer security-related courses.

In the end, security is a trade-off game. Nothing has to be 100% secure, just secure enough to do business. Maybe Mr. Briney is a purist, so he finds no benefit in getting better at security without having total security. Starbucks doesn't put metal detectors and armed guards in its stores, not because they don't care about security, but because the costs are higher than the benefits, including alienating their customers. I think the same is true for software.

Good software is designed with security in mind from the get-go, and many companies realize that good security makes for a better product. After all, nobody wants their product to be victimized in the public's eye!