Secure Coding mailing list archives

RE: Is developer education a lost cause?


From: Jeremy Epstein <jeremy.epstein () webmethods com>
Date: Mon, 02 Feb 2004 16:45:30 +0000

Glad to see someone is taking my bait :-)

-----Original Message-----
From: der Mouse [mailto:[EMAIL PROTECTED]
Sent: Friday, January 30, 2004 5:57 PM
To: [EMAIL PROTECTED]
Subject: Re: [SC-L] Is developer education a lost cause?


I believe that developer education is a lost cause.  [...]  It's
because customers don't care.
[...]

Actually, I think this is only partially true.  It's certainly true in
the mass-market end-user millions-of-copies world, but I believe it is
much less true - perhaps to the point of being false - in the
higher-end market where you expect to sell perhaps a few dozen copies.
My contact with that market is minimal, but I did once work at a
company that aimed at it, so this opinion is not _total_ armchair
quarterbacking.

I guess we all have our limited subsets of customers.  I talk to high end
customers (Global 2000), and this is what I see.  I'm sure it's not
universally true throughout these organizations, but the folks I talk to are
usually the Information Systems (IS) folks, not the Information Technology
(IT).  There seems to be a major difference between the two: the IS folks
are interested in getting their application working, and the IT folks are
interested in infrastructure.  The latter are usually interested in whether
applications are secure, but only rarely are the former.  Since it's the IS
folks who buy & deploy business applications, that's what we have the most
to fear.

I certainly don't think you're armchair quarterbacking... but maybe you & I
are watching different games :-)

So I think training developers is mostly a waste of time & money.  We
should spend our time instead on convincing software purchasers that
they should care.  Then, and only then, is training developers
worthwhile.

Assuming you're talking about the end-user mass market, I agree with
you - and I think there isn't much we (for any appropriate value of
"we") can do to convince buyers to care.  If sobig and mydoom and such
aren't doing it, what chance do we have?

Just to be clear... I'm NOT talking about the end-user mass market.  I wish
I were.  I'm talking about Global 2000... and that's what scares me much
more.

--Jeremy, speaking at most for myself, and maybe not even that







