Developers ignore their security responsibilities: Oracle

[InfoSec News <alerts () infosecnews org>]

http://www.zdnet.com/developers-ignore-their-security-responsibilities-oracle-7000005808/

By Michael Lee
ZDNet News
October 16, 2012

Software developers are ignoring their responsibilities to protect and 
design infrastructure that is properly secured, according to Oracle 
Chief Security Officer Mary Ann Davidson.

Speaking at the Australian Information Security Association's National 
Conference 2012 in Sydney today, Davidson said that developers, in many 
cases, were building systems used in key infrastructure without even 
thinking about security.

"Do we really think that the people that decide [to] have self-driving 
cars are going to have evil thoughts like 'Gee, I wonder if somebody 
would use a GPS system [...] to make that particular car have an 
accident?' Of course not."

"You have accountability. You're building infrastructure. It's not just 
cool technology."

But according to Davidson, many times, developers take shortcuts, 
assuming that their applications will only be used in certain ways.

[...]


--
CISSP and CEH Live OnLine training with ExpandingSecurity.com is the fastest,
easiest way to master the relevant data you need now.  Sign up for the free
weekly PainPill and try a free class.  It is easy.
http://www.expandingsecurity.com/PainPill