WebApp Sec mailing list archives
Re: Secure Coding? Bah!
From: "David Wall @ Yozons, Inc." <dwall () yozons com>
Date: Thu, 22 Jan 2004 20:07:59 -0800
> Does anyone know of any information about this author's credentials to make these claims?
> http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss306_art550,00.html

Not to be flippant, but what credentials would be needed? He claims to have a CISSP certification, though. Overall, the claim seems rather silly and pointless, as if driving safer "is not going to happen" so there's no need to teach it.

Personally, I work in industry, but while I'm not an "industry leader," I know that there are many businesses that take security seriously when it comes to creating software. I'll grant that we could have better tools to assess our progress, but one way we make more money is by providing a secure solution to our customers. That's our business, though. I've found similar concerns when dealing with IT in telecom, health, banking and brokerage firms. One solution they use is outsourcing or purchasing software that already has a focus on security.

As for academia, I don't think "matriculating Ph.D.s" is required since DePaul University and California State University both offer security-related courses.

In the end, security is a trade-off game. Nothing has to be 100% secure, just secure enough to do business. Maybe Mr. Briney is a purist, so he finds no benefit in getting better at security without having total security. Starbucks doesn't put metal detectors and armed guards in its stores, not because they don't care about security, but because the costs are higher than the benefits, including alienating their customers. I think the same is true for software. Good software is designed with security in mind from the get-go, and many companies realize that good security makes for a better product. After all, nobody wants their product to be victimized in the public's eye!

David

---------------------------------------------
David A. E. Wall
Chief Software Architect
Yozons, Inc.
Kirkland, Washington USA
Tel 425.822.4465
david.wall () yozons com
Fax 425.827.9415
www.yozons.com
Cell 425.985.6519

Yozons Signed & Secured
- A secure document delivery, electronic signature, spam-free, virus-free business private network
- Used and proven by many in the Fortune 500
- Low cost, hosted solutions for smaller businesses