WebApp Sec mailing list archives

Re: Secure Coding? Bah!


From: ONEILL David J <David.J.Oneill () state or us>
Date: 23 Jan 2004 07:40:05 -0800

GREAT! More Architect/Developer bashing.  As a person who builds architecture
and develops software, I'm sure tired of the beating we get for all the
security woes of the planet.  Although I have never spent a day in a classroom
studying methods to make applications more secure, I do have a Computer
Science degree and around thirty-six years of experience building applications
on platforms ranging from the very first microprocessors, to mainframes, to
IBM's new P series machines.  And from what I've experienced the majority of
breaches come from networks and network devices being hacked.

I have met numerous people in my field that were security conscious.  And I
have never met anyone who said that they did not have the time or aspiration
to make their code more secure.  And in this context, the only bad code that I
have had to work with, is code that was developed overseas. My opinion,
outsourcing companies really don't care what the code works like as long as
they get paid.  Our problem is that we do care, so we fix the problems we find
before they cause any issues that management would hear about.  And this is
how we shot ourselves in the foot, we tell management what we found but it
never sinks in because they did not see any cost penalty.

My 0.02 rant,

David J. O'Neill
Senior Systems Analyst
Parkway Bldg., 2nd Floor
Phone: (503) 378-2101 ext. 364
FAX:     (503) 378-2103

mark () curphey com 01/22/04 07:23PM >>>
Does anyone know of any information about this author's credentials to make
these claims?

http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss306_art550,00.html