Secure Coding mailing list archives
Re: Interesting article ZDNet re informal software development quality
From: George Capehart <gwc () acm org>
Date: Fri, 09 Jan 2004 00:28:13 +0000
On Wednesday 07 January 2004 04:57 pm, Alun Jones wrote:

<snip>

> I've long suspected that one of the things that needs to happen in order for security to make its way into software is for developers to develop some backbone, so that they can tell their bosses "I can't give you the feature you've asked for, as securely as is appropriate, in the time you've asked for. I will not write it unsecurely, so you need to determine whether to lose / reduce the feature, or increase the time". Sadly, in the current employment climate, we're likely to see too many people lose their jobs for that kind of "insubordination", and be replaced by people who don't care as much.

Which tells everything we could possibly want to know about how important security is to that organization.

> I hate to say it, but maybe it's time for developers to become accredited professionals, and for employers to insist on getting qualified developers, rather than picking anyone who's read a book on C.

I just don't think accreditation is the controlling variable in this situation. You defined the problem yourself. The problem is that feature-rich and time-to-market trumps doing things the right way. IMHO, that would be the worst possible work environment for a conscientious, knowledgeable professional. All of the cards are stacked against him/her and it will be a very stressful place to work until they can find another job. It's the management decisions that are the problem . . . They create their problems. They create an environment in which the only people who are willing to stay around are the clueless ones . . . Been there, done that. Don't ever intend to go back . . .

FWIW,

/g