Re: The biggest thing affecting software security? People, apparently.

[John Manko <jmanko () johnmanko com>]

The reason there is such a hugh investment in technology is because we 
can't rely on people for security.  No matter how much we try to 
educate, the general populous disregard the significance of security.
In addition, trivial security implementation are met with trivial 
exploits, something that will do the cracker just fine.

. . wrote:

> I wouldn't call 66 votes on your website Nick
> (http://www.mail-archive.com/sc-l%40securecoding.org/msg00758.html), a
> comprehensive tally. It would be interesting to get a larger audience
> involved in this type of question though.
>
> Regards,
>
> - webappsec
>
>
> On 6/29/05, Nick Murison <nick () urgusabic net> wrote:
>  
>
> > Hi all,
> >
> > www.threatsandcountermeasures.com just closed their poll on what people
> > thought was the biggest thing affecting software security.  The results were:
> >
> > People:     80.3%
> > Process:    18.2%
> > Technology:  1.5%
> >
> > Results also available from www.threatsandcountermeasures.com/PastPolls.aspx.
> >
> > If this is the case, then why is there such a huge financial investment in
> > security technology?  Is the human factor expected to magically improves once
> > we've got the "right" technology?
> >
> > For our new poll, Threats and Countermeasures are asking what people
> > consider to be the more secure web application development platform; JSP,
> > PHP, ColdFusion, ASP.NET or old-skool CGI.
> >
> > Best regards,
> > --
> > Nicholas John Murison
> > ~~~~~~~~~~~~~~~~~~~~~
> > http://www.urgusabic.net
> >
> >    
>
> .
>
>