Secure Coding mailing list archives
RE: Interesting article ZDNet re informal software development quality
From: "Alun Jones" <alun () texis com>
Date: Fri, 09 Jan 2004 00:26:35 +0000
-----Original Message-----
From: George Capehart [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 3:50 PM

On Wednesday 07 January 2004 04:57 pm, Alun Jones wrote:

the time". Sadly, in the current employment climate, we're likely to see too many people lose their jobs for that kind of "insubordination", and be replaced by people who don't care as much.

Which tells everything we could possibly want to know about how important security is to that organization.
Not likely, it'd tell the programmer everything he needs to know on that topic, but unfortunately the rest of us would not be able to determine the truth of such a claim. The company would say "oh, of course he'd say that, he just got fired", and nobody would be able to tell for sure.
I just don't think accreditation is the controlling variable in this situation. You defined the problem yourself. The problem is that feature-rich and time-to-market trumps doing things the right way.
I know - accreditation wouldn't solve a whole lot of stuff, but like security in general, it raises the barrier to entry - even if only a little.
IMHO, that would be the worst possible work environment for a conscientious, knowledgeable professional. All of the cards are stacked against him/her and it will be a very stressful place to work until they can find another job. It's the management decisions that are the problem . . . They create their problems. They create an environment in which the only people who are willing to stay around are the clueless ones . . . Been there, done that. Don't ever intend to go back . . .
It's never the easy problems that get the good discussions going :-)

Many programmers are well aware of what needs to be done to get good security, but few feel like they have the time to do so. I'm never satisfied that I've spent enough time securing what I release, but I have to cut off at some point so that I can get some income to fund further work. Part of good security is balancing security against features and risk. Security is not an absolute.

Alun.
~~~~
--
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | [EMAIL PROTECTED]
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.