Secure Coding mailing list archives
How do we improve s/w developer awareness?
From: "Kenneth R. van Wyk" <Ken () krvw com>
Date: Thu, 11 Nov 2004 16:52:59 +0000
Greetings, In my business travels, I spend quite a bit of time talking with Software Developers as well as IT Security folks. One significant different that I've found is that the IT Security folks, by and large, tend to pay a lot of attention to software vulnerability and attack information while most of the Dev folks that I talk to are blissfully unaware of the likes of Full-Disclosure, Bugtraq, PHRACK, etc. I haven't collected any real stats, but it seems to me to be at least a 90/10% and 10/90% difference. (Yes, I know that this is a gross generalization and there are no doubt significant exceptions, but...) I believe that this presents a significant hurdle to getting Dev folks to care about Software Security issues. Books like Gary McGraw's Exploiting Software do a great job at explaining how software can be broken, which is a great first step, but it's only a first step. Am I alone in this opinion or have others noticed the same sort of thing? It's going to be a long, slow battle, in my opinion. Cheers, Ken -- KRvW Associates, LLC http://www.KRvW.com
Current thread:
- How do we improve s/w developer awareness? Kenneth R. van Wyk (Nov 11)
- Re: How do we improve s/w developer awareness? ljknews (Nov 11)
- Re: How do we improve s/w developer awareness? Paco Hope (Nov 11)
- Re: How do we improve s/w developer awareness? ljknews (Nov 12)
- Re: How do we improve s/w developer awareness? M Taylor (Nov 12)
- Re: How do we improve s/w developer awareness? ljknews (Nov 12)
- Re: How do we improve s/w developer awareness? Paco Hope (Nov 11)
- Re: How do we improve s/w developer awareness? ljknews (Nov 11)
- Re: How do we improve s/w developer awareness? Greenarrow 1 (Nov 29)
- <Possible follow-ups>
- Re: How do we improve s/w developer awareness? Yousef Syed (Nov 12)
- Re: How do we improve s/w developer awareness? Gunnar Peterson (Nov 12)