Secure Coding mailing list archives

RE: Is developer education a lost cause?


From: "Robert Shields" <rshields () star net uk>
Date: Fri, 23 Jan 2004 20:55:45 +0000

Pascal Meunier wrote:

I believe that code quality would improve even more with 
management support, better programming languages and 
automated checkers, and development practices that support 
code reviews, and consumers that demand secure products and 
are willing to "pay" (in one way or another) for them.

I would agree with that. It's not reasonable to put the responsibility
for delivery of secure applications entirely on the developers'
shoulders. Even in the case that a developer is capable of writing
secure code, unless concessions are made, he/she will not be able to do
so. If security is important to a project, it should be factored in
right from the start, during analysis and design as well as development.
Allowances should be made for extra timescale and budget. The
requirements for a project should state clearly that it must be secure,
and managers should be aware of practices necessary to ensure security.

Rob Shields
