Secure Coding mailing list archives
RE: Interesting article ZDNet re informal software development quality
From: "Alun Jones" <alun () texis com>
Date: Thu, 08 Jan 2004 00:08:58 +0000
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of George Capehart
Sent: Wednesday, January 07, 2004 10:20 AM

Like security, quality is a process. My favorite definition of quality is "Do it right the first time."

Then go back and fix the parts you missed.

I saw a book a while back with the title "if you don't have the time to do it right, when will you have the time to do it over?" I didn't buy the book, but I did pay some attention to the title.

I've long suspected that one of the things that needs to happen in order for security to make its way into software is for developers to develop some backbone, so that they can tell their bosses "I can't give you the feature you've asked for, as securely as is appropriate, in the time you've asked for. I will not write it unsecurely, so you need to determine whether to lose / reduce the feature, or increase the time".

Sadly, in the current employment climate, we're likely to see too many people lose their jobs for that kind of "insubordination", and be replaced by people who don't care as much.

I hate to say it, but maybe it's time for developers to become accredited professionals, and for employers to insist on getting qualified developers, rather than picking anyone who's read a book on C.

Alun.
~~~~
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place | [EMAIL PROTECTED]
Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.