Secure Coding mailing list archives
Re: Is developer education a lost cause?
From: Richard Moore <rich () westpoint ltd uk>
Date: Fri, 23 Jan 2004 20:55:56 +0000
Robert Shields wrote:

> A developer only writes code to meet project requirements. The requirements for a typical project will not mention security, and even if it did, how would you test whether or not an application is secure? A typical tester will not be able to test this unless they are specially trained. Thus, the decision to write secure code needs to be made at a management level and incorporated into company-wide policy.

I tend to agree with this. Basically, I think that a lot of security comes down to specifying how invalid input (or state transitions) should be handled. A system that isn't designed with the possibility of errors in mind is unlikely to ever be a) Stable or b) Secure.

Cheers

Rich.