Secure Coding mailing list archives
Re: How do we improve s/w developer awareness?
From: Nick Murison <nick () urgusabic net>
Date: Tue, 16 Nov 2004 18:11:23 +0000
[ Apologies to moderator for the resend. I've not PGP/MIME signed this one, as I guess that's the reason for the last copy disappearing. ]

[Ed. Apologies back at ya, as I'm on the road this week and trying my best to deal with a brain-damaged web emailer. KRvW]

On Fri, Nov 12, 2004 at 08:24:59AM -0500, Jeff Williams wrote:
> In my opinion, the way out of this trap is to get more information to consumers about the security in software. Information like how many lines of code, what languages, what libraries, process used, security testing done, mechanisms included, and other information can and should be disclosed.

These metrics are all well and good, but what makes you think consumers will ever be able to care about such things? Consumers have so far only cared about security when it directly affects them. One could argue that's how it should be; users should never have to worry about the software they are running because "bad" software should never get past the door of the developers.

Providing consumers with assurances about the security of their systems strikes me as a good idea, and this is how it's worked for government contracts. However, they need to be in terms which the average consumer will a) understand and b) care about. What would be nice to see would be some form of competition based on security, and not just the latest wiz-bangs in Grokulator 4.3.

How exactly you get consumers to care about these things before it immediately affects them is the question we should be looking at.

Regards,

--
Nicholas John Murison
~~~~~~~~~~~~~~~~~~~~~
http://www.urgusabic.net