Re: eSecurityPlanet column on Software Security

[Jari Pirhonen <japi () iki fi>]

Kenneth R. van Wyk wrote:

if you're interested.  It's on the topic of Software Security.  I should 
point out that it's primarily written for an IT Security audience.  It's slow 
progress convincing them that Software Security is more than running a pen 
test against an application a week before it goes live in the data center...


Hmmm. I consider myself as a IT security expert although I admit to have 
some software developer background (15+ years ago). I've been advocating 
software security several years now since most software project 
managers, designers, developers, etc. doesn't seem to have a glue.


When I talk to developers and discuss about software security, I usually 
say that I shouldn't be talking here, but it just seems that no one else 
volunteers. I've seen developers to be astonished that there's more in 
security than anti virus products.


Hard work, though. It's still too common attitude among software 
projects that "security issues are covered by IT security during 
implementation phase".


Just to point out that you have friends among us ;-)

regards,
Jari

--

Jari Pirhonen