Kenneth R. van Wyk wrote:
if you're interested. It's on the topic of Software Security. I should point out that it's primarily written for an IT Security audience. It's slow progress convincing them that Software Security is more than running a pen test against an application a week before it goes live in the data center...
Hmmm. I consider myself an IT security expert, although I admit to having some software developer background (15+ years ago). I've been advocating software security for several years now, since most software project managers, designers, developers, etc. don't seem to have a clue.
When I talk to developers and discuss software security, I usually say that I shouldn't be talking here, but it just seems that no one else volunteers. I've seen developers astonished that there's more to security than antivirus products.
Hard work, though. It's still too common an attitude among software projects that "security issues are covered by IT security during implementation phase".
Just to point out that you have friends among us ;-)
regards, Jari
--
Jari Pirhonen