Software Security Serious Sh*t
Mon, 2008-04-28 18:13

Recently, my company's Marketing Director pointed everyone to a good article on software security. It argues that the biggest problem behind insecure software is developers' lack of skills, a topic I have seen quite frequently on various CSO blogs over the past year.

The article, http://www.eweek.com/c/a/Careers/Security-Software-Developer-Might-Be-Next-Hot-IT-Niche/, was sent around as a teaser and a way to say "atta boy" to the troops at my company who work in the world of software security.

What I found most interesting, though, was the debate and feedback the article generated inside my company about what's causing insecure software. Some argued education while others argued economics. So I thought I'd post some of my favorite replies from various engineers at my company for your reading pleasure (see the additional posts on this page).

Sound off: what do YOU think about insecure software? What is the main cause? Lack of skills? Time constraints? Management buy-in? Or should we just blame it all on Al Gore? Why not...after all, he did invent software when he invented the Internet... <g> 

Reader Feedback
Tue, 2008-06-10 20:30
Applications rushed into production
By Bill Melley

Most applications are developed rapidly to be deployed quickly. A thorough security testing process is often ignored or minimized for the sake of getting the new release out to the customer base.

The old Fram oil filter saying "Pay now or Pay Later" comes to mind. Paying later is always much more expensive i.e. TJX, Hannafords...

The Al Gore excuse is a good one also.
