WebApp Sec mailing list archives
RE: Secure Coding? Bah!
From: "Patrick Chavez" <pchavez () nmt edu>
Date: Thu, 22 Jan 2004 21:58:02 -0700
I attend one of those three-dozen Centers of Academic Excellence in Information Assurance Education and research in all aspects of computer security is very active. Many universities (mine included) offer a wealth of security related course work. The instructors frequently come directly from industry and are more than qualified. However, there is more to computer science than security! A full course of study focusing on security may not be as useful as it sounds. Don't forget data structures, algorithms, databases, graphics, etc. When you look at it, security doesn't really DO anything. Do you really want a program that doesn't accomplish anything, other than being secure? -----Original Message----- From: Adam Tuliper [mailto:amt () gecko-software com] Sent: Thursday, January 22, 2004 20:52 To: mark () curphey com; webappsec () securityfocus com Subject: Re: Secure Coding? Bah! credentials or not.. he's right on almost every aspect. Almost every company I've done work at had pretty insecure code that I had to fix. I know of almost no peer developers who are security conscious, as well as I know no developers personally that were taught security as part of their training. It never ceases to amaze me how many developers know next to nothing about writing secure code. You tell them about a sql injection attack and they look at you like a dog who just heard a funny noise and turns its head sideways. Ironically the only people I know who seme to have any idea about security are the same ones who could hack your systems. Seems like this needs to be more two-way knowledge but most developers just don't care.
Current thread:
- Secure Coding? Bah! Mark Curphey (Jan 22)
- Re: Secure Coding? Bah! Adam Tuliper (Jan 22)
- RE: Secure Coding? Bah! Taco Fleur (Jan 22)
- RE: Secure Coding? Bah! Patrick Chavez (Jan 22)
- Re: Secure Coding? Bah! Juridian (Jan 23)
- Re: Secure Coding? Bah! Juridian (Jan 22)
- Re: Secure Coding? Bah! David Wall @ Yozons, Inc. (Jan 22)
- RE: Secure Coding? Bah! Taco Fleur (Jan 22)
- RE: Secure Coding? Bah! Tim Greer (Jan 23)
- RE: Secure Coding? Bah! Taco Fleur (Jan 23)
- RE: Secure Coding? Bah! Tim Greer (Jan 23)
- RE: Secure Coding? Bah! Taco Fleur (Jan 22)
- Re: Secure Coding? Bah! Adam Tuliper (Jan 22)
- <Possible follow-ups>
- Re: Secure Coding? Bah! Chris Kirschke (Jan 22)