Recently, my company's Marketing Director pointed everyone to a good article on software security. It talks about the biggest problem with insecure software being developers' lack of skills, a topic I have seen quite frequently on various CSO blogs over the past year.
The article, http://www.eweek.com/c/a/Careers/Security-Software-Developer-Might-Be-Next-Hot-IT-Niche/, was sent around as a teaser and a way to say "atta boy" to the troops at my company who work in the world of software security.
What I found most interesting, though, was the debate and feedback the article generated inside my company about what's causing insecure software. Some argued education while others argued economics. So I thought I'd post some of my favorite replies from various engineers at my company for your reading pleasure (see the additional posts on this page).
Sound off: what do YOU think about insecure software? What is the main cause? Lack of skills? Time constraints? Management buy-in? Or should we just blame it all on Al Gore? Why not...after all, he did invent software when he invented the Internet... <g>






Most applications are developed rapidly to be deployed quickly. A thorough security testing process is often ignored or minimized for the sake of getting the new release out to the customer base.
The old Fram oil filter saying "Pay now or Pay Later" comes to mind. Paying later is always much more expensive, i.e. TJX, Hannafords...
The Al Gore excuse is a good one also.