Software Security Serious Sh*t
Mon, 2008-04-28 18:13

Recently, my company's Marketing Director pointed everyone to a good article on software security.  It talks about the biggest problem with insecure software being lack of skills of developers, which is a topic I have seen on various CSO blogs over the past year quite frequently. 

The article, http://www.eweek.com/c/a/Careers/Security-Software-Developer-Might-Be-Next-Hot-IT-Niche/ was sent around as a teaser and a way to say "atta boy" to the troops at my company who work in the world of software security.

What I found most interesting, though, was the debate and feedback the article generated inside my company about what's causing insecure software.  Some argued education while others argued economics. So I thought I'd post some of my favorite replies from various engineers at my company for your reading pleasure (see the additional posts on this page.)

Sound off: what do YOU think about insecure software? What is the main cause? Lack of skills? Time constraints? Management buy-in? Or should we just blame it all on Al Gore? Why not...after all, he did invent software when he invented the Internet... <g> 

Reader Feedback
Tue, 2008-06-10 20:30
Applications rushed into production
By Bill Melley

Most applications are developed rapidly to be deployed quickly. A thorough security testing process is often ignored or minimized for the sake of getting the new release out to the customer base.

The old Fram oil filter saying "Pay now or Pay Later" comes to mind. Paying later is always much more expensive i.e. TJX, Hannafords...

The Al Gore excuse is a good one also.
