WebApp Sec mailing list archives
Re: The biggest thing affecting software security? People, apparently.
From: Irene Abezgauz <irene.abezgauz () gmail com>
Date: Thu, 30 Jun 2005 09:43:27 +0200
Nick, First of all, notice the results are based on the opinions of 66 people, which hardly makes it a comprehensive survey. Another thing, people and mistakes will always be there, but technology improves to ensure people can make less mistakes and are given less space and freedom to make such. Better technology provides means for people to make less mistakes. It just seems less obvious that it's the technology that is making the difference when it's working properly. If the technology wasn't there people would make a lot more mistakes while reinventing a less secure wheel. Imagine a world with no commercial session management products. A world dominated by home-grown session mechanisms. Oh, btw, that world also does not have any cryptographic infrastructure. Wake up from the nightmare, and realize technology *is* important, it is just easy to overlook when it's there. It is the same as saying that people are the biggest cause of road kills, indeed, they are. On the other hand, imagine the same people driving bumpy roads with no traffic lights, no stop signs, and no lane markings. It is easy to say "why are they developing better roads and thinking of ways to improve, while people are the largest factor". Because people *need* better infrastructures and better technology to keep their mistakes in control. Btw, technology is no good when not used properly, so yes, education is very, very, very important. That is why I strongly believe programmers should be educated for security. Irene ----------------------- Irene Abezgauz Application Security Consultant Hacktics Ltd. Mobile: +972-54-6545405 Web: www.hacktics.com On 6/29/05, Nick Murison <nick () urgusabic net> wrote:
Hi all, www.threatsandcountermeasures.com just closed their poll on what people thought was the biggest thing affecting software security. The results were: People: 80.3% Process: 18.2% Technology: 1.5% Results also available from www.threatsandcountermeasures.com/PastPolls.aspx. If this is the case, then why is there such a huge financial investment in security technology? Is the human factor expected to magically improves once we've got the "right" technology? For our new poll, Threats and Countermeasures are asking what people consider to be the more secure web application development platform; JSP, PHP, ColdFusion, ASP.NET or old-skool CGI. Best regards, -- Nicholas John Murison ~~~~~~~~~~~~~~~~~~~~~ http://www.urgusabic.net
Current thread:
- The biggest thing affecting software security? People, apparently. Nick Murison (Jun 29)
- Re: The biggest thing affecting software security? People, apparently. Steve Milner (Jun 29)
- RE: The biggest thing affecting software security? People, apparently. Lyal Collins (Jun 29)
- Re: The biggest thing affecting software security? People, apparently. Clinton E. Troutman (Jun 30)
- Re: The biggest thing affecting software security? People, apparently. Irene Abezgauz (Jun 30)
- Re: The biggest thing affecting software security? People, apparently. . . (Jun 30)
- Re: The biggest thing affecting software security? People, apparently. John Manko (Jun 30)