WebApp Sec mailing list archives

Re: Secure Coding? Bah!


From: "David Wall @ Yozons, Inc." <dwall () yozons com>
Date: Thu, 22 Jan 2004 20:07:59 -0800

Does anyone know of any information about this author's credentials to make
these claims?


http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss306_art550,00.html

Not to be flippant, but what credentials would be needed?  He claims to have
a CISSP certification, though.  Overall, the claim seems rather silly and
pointless, as if driving safer "is not going to happen" so there's no need
to teach it.

Personally, I work in industry, but while I'm not an "industry leader," I
know that there are many businesses that take security seriously when it
comes to creating software.  I'll grant that we could have better tools to
assess our progress, but one way we make more money is by providing a secure
solution to our customers.  That's our business, though.  I've found similar
concerns when dealing with IT in telecom, health, banking and brokerage
firms.  One solution they use is outsourcing or purchasing software that
already has a focus on security.

As for academia, I don't think "matriculating Ph.D.s" is required since
DePaul University and California State University both offer
security-related courses.

In the end, security is a trade-off game.  Nothing has to be 100% secure,
just secure enough to do business.  Maybe Mr. Briney is a purist, so he finds
no benefit in getting better at security without having total security.
Starbucks doesn't put metal detectors and armed guards in its stores, not
because they don't care about security, but because the costs are higher
than the benefits, including alienating their customers.  I think the same
is true for software.  Good software is designed with security in mind from
the get go, and many companies realize that good security makes for a better
product.  After all, nobody wants their product to be victimized in the
public's eye!

David
---------------------------------------------
David A. E. Wall
Chief Software Architect
Yozons, Inc.
Kirkland, Washington USA
Tel 425.822.4465    david.wall () yozons com
Fax 425.827.9415    www.yozons.com
Cell 425.985.6519

Yozons Signed & Secured - A secure document delivery, electronic signature,
spam-free, virus-free business private network
    - Used and proven by many in the Fortune 500
    - Low cost, hosted solutions for smaller businesses

