Secure Coding mailing list archives
RE: Is developer education a lost cause?
From: "Robert Shields" <rshields () star net uk>
Date: Fri, 23 Jan 2004 20:55:45 +0000
Pascal Meunier wrote:
I believe that code quality would improve even more with management support, better programming languages and automated checkers, and development practices that support code reviews, and consumers that demand secure products and are willing to "pay" (in one way or another) for them.
I would agree with that. It's not reasonable to put the responsibilty for delivery of secure applications entirely on the delevopers' shoulders. Even in the case that a developer is capable of writing secure code, unless concessions are made, he/she will not be able to do so. If security is important to a project, it should be factored in right from the start, during analysis and design as well as development. Allowances should be made for extra timescale and budget. The requirements for a project should state clearly that it must be secure, and managers should be aware of practices necessary to ensure security. Rob Shields This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk _____________________________________________________________________
Current thread:
- Is developer education a lost cause? Kenneth R. van Wyk (Jan 22)
- RE: Is developer education a lost cause? Jason Wilcox (Jan 22)
- Re: Is developer education a lost cause? Joe Teff (Jan 22)
- RE: Is developer education a lost cause? Michael S Hines (Jan 23)
- Re: Is developer education a lost cause? Pascal Meunier (Jan 23)
- Re: Is developer education a lost cause? Chris Wysopal (Jan 23)
- Re: Is developer education a lost cause? George Capehart (Jan 23)
- <Possible follow-ups>
- RE: Is developer education a lost cause? Robert Shields (Jan 23)
- Re: Is developer education a lost cause? Richard Moore (Jan 23)
- RE: Is developer education a lost cause? Giri, Sandeep (Jan 23)
- RE: Is developer education a lost cause? Robert Shields (Jan 23)
- Re: Is developer education a lost cause? Gary McGraw (Jan 23)
- RE: Is developer education a lost cause? Jeremy Epstein (Jan 30)
- Re: Is developer education a lost cause? der Mouse (Jan 31)
- RE: Is developer education a lost cause? Jeremy Epstein (Feb 02)
- Re: Is developer education a lost cause? jeff . williams (Feb 02)
- RE: Is developer education a lost cause? Brad Arkin (Feb 04)