WebApp Sec mailing list archives
Re: Secure Coding? Bah!
From: "Adam Tuliper" <amt () gecko-software com>
Date: Fri, 23 Jan 2004 00:08:34 -0500
Oh, completely agreed about training them. When I sit down with a group of developers and show them security techniques... they are _always_ interested. It just concerns me that they didn't have a clue about any of it until I told them. That's all my point really is. They never went out on their own to learn it, they were never approached to learn it, etc.

----- Original Message -----
From: "Mark Curphey" <mark () curphey com>
To: "Adam Tuliper" <amt () gecko-software com>; <webappsec () SECURITYFOCUS COM>
Sent: Thursday, January 22, 2004 11:01 PM
Subject: Re: Secure Coding? Bah!

Interesting, but I have exactly the opposite opinion and experience. I know you often get great buy-in from developers interested in new techniques and new challenges. If you approach them with a whip you have to expect a fight, but when approached with compassion people almost always want to do the right thing.

To use your dog analogy, if you don't train them then you will never get better. This is like saying, my dog's always going to poop on the front step, gotta use the back door and accept it!

Just my humble opinion ;-)

---- Adam Tuliper <amt () gecko-software com> wrote:

credentials or not.. he's right on almost every aspect. Almost every company I've done work at had pretty insecure code that I had to fix. I know of almost no peer developers who are security conscious, as well as I know no developers personally that were taught security as part of their training. It never ceases to amaze me how many developers know next to nothing about writing secure code. You tell them about a SQL injection attack and they look at you like a dog who just heard a funny noise and turns its head sideways. Ironically, the only people I know who seem to have any idea about security are the same ones who could hack your systems. Seems like this needs to be more two-way knowledge but most developers just don't care.

On Thu, 22 Jan 2004 21:42:24 -0500 (EST) Mark Curphey <mark () curphey com> wrote:

Does anyone know of any information about this author's credentials to make these claims?
http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss306_art550,00.html