Secure Coding mailing list archives
OWASP Publicity
From: mouse at Rodents.Montreal.QC.CA (der Mouse)
Date: Fri, 16 Nov 2007 02:58:42 -0500 (EST)
The vast majority of IT executives are unfamiliar with all of the principles of security, firewalls, coding, whatever.
The important thing to understand is that such principles are below their granularity; the[y] are *right* to not care about such principles, because they can't do anything about them.
Perhaps - but then, they have to stop second-guessing the people who *do* know what they're talking about. Trying to have it both ways - management that is inexpert but nevertheless imposes their opinions on design or buying decisions - is a recipe for disaster, and, while hardly universal, is all too common. I've never understood why it is that managers who would never dream of second-guessing an electrician about electrical wiring, a construction engineer about wall bracing, a mechanic about car repairs, will not hesitate to believe - or at least act as though they believe - they know better than their in-house experts when it comes to what computer, especially software, decisions are appropriate, and use their management position to dictate choices based on their inexpert, incompletely informed, and often totally incompetent opinions. (Not just security decisions, either, though that's one of the cases with the most unfortunate consequences.) /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse at rodents.montreal.qc.ca / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Current thread:
- Code review pool Paolo Perego (Nov 05)
- Code review pool ljknews (Nov 05)
- Message not available
- Code review pool Paolo Perego (Nov 05)
- OWASP Publicity McGovern, James F (HTSC, IT) (Nov 15)
- OWASP Publicity Crispin Cowan (Nov 15)
- OWASP Publicity Bernie Rosen (Nov 15)
- OWASP Publicity der Mouse (Nov 15)
- OWASP Publicity Leichter, Jerry (Nov 16)
- OWASP Publicity Crispin Cowan (Nov 16)
- OWASP Publicity Benjamin Tomhave (Nov 18)
- OWASP Publicity James Stibbards (Nov 19)
- OWASP Publicity Benjamin Tomhave (Nov 19)
- OWASP Publicity Crispin Cowan (Nov 15)
- OWASP Publicity McGovern, James F (HTSC, IT) (Nov 19)