WebApp Sec mailing list archives
Re: Secure Coding? Bah!
From: Juridian <Juridian@localhost.localdomain>
Date: Thu, 22 Jan 2004 21:22:26 -0800
I've had pretty much the same experience with few to no other developers having any security knowledge. Some didn't have the time to learn it, others thought it was a waste. I recently read the book 'Building Secure Software' (http://www.buildingsecuresoftware.com) and it has opened my eyes to the position of Security Engineer in Development. It might be worth it for some of you to take a peek. It promotes software developers who focus on security and help by auditing design, auditing source, consulting with the other developers, helping set coding standards, etc. I currently fill this role (without the official title of course) at my current workplace since I'm the only developer with actual security training. Heck, I've hit as many GIAC courses as the corporate security officer. I think the author of the article was on a rant. Things are changing....slowly....but changing. - Ernie
Almost every company I've done work at had pretty insecure code that I had to fix. I know of almost no peer developers who are security conscious, as well as I know no developers personally that were taught security as part of their training.
Seems like this needs to be more two-way knowledge but most developers just don't care.
Current thread:
- Secure Coding? Bah! Mark Curphey (Jan 22)
- Re: Secure Coding? Bah! Adam Tuliper (Jan 22)
- RE: Secure Coding? Bah! Taco Fleur (Jan 22)
- RE: Secure Coding? Bah! Patrick Chavez (Jan 22)
- Re: Secure Coding? Bah! Juridian (Jan 23)
- Re: Secure Coding? Bah! Juridian (Jan 22)
- Re: Secure Coding? Bah! David Wall @ Yozons, Inc. (Jan 22)
- RE: Secure Coding? Bah! Taco Fleur (Jan 22)
- RE: Secure Coding? Bah! Tim Greer (Jan 23)
- RE: Secure Coding? Bah! Taco Fleur (Jan 23)
- RE: Secure Coding? Bah! Tim Greer (Jan 23)
- RE: Secure Coding? Bah! Taco Fleur (Jan 22)
- Re: Secure Coding? Bah! Adam Tuliper (Jan 22)
- <Possible follow-ups>
- Re: Secure Coding? Bah! Chris Kirschke (Jan 22)
- Re: Secure Coding? Bah! Mark Curphey (Jan 22)
- Re: Secure Coding? Bah! Adam Tuliper (Jan 22)