Along these same lines, I submit "the Four Coders of the Apocalypse" by Dave Thomas and Andy Hunt. One of the major areas we need to work is adoption. Programmers are not all created equal; this presentation shows four types of programmers, and describes what drives them and ideas on dealing with the different types. Excellent bit of software development archaeology, if you need tips on communicating software security designs, rationale, etc. I would argue that through the work of Gary McGraw, Ken van Wyk, Michael Howard, OWASP, Build Security portal, and many other resources that we are awash in good ideas/tools/templates. What we really need is adoption. Adoption is predicated on understanding the programmer's mindsets.

The Four Coders of the Apocalypse are

The Lifer (someone else will take care of things, knows everything about one topic, all solutions involve that topic, "it can't be done")

The White Rabbit (no time to do it right, "I can't talk now")

The Racehorse (run forward wearing blinkers, never change existing code)

The Beautiful Dreamer (programming as an end in itself)

http://www.pragmaticprogrammer.com/talks/4coders/4coders.htm

-gp

On 2/23/07 7:02 AM, "Kenneth Van Wyk" <[EMAIL PROTECTED]> wrote:

> SC-L,
>
> So my trusty rss aggregator (NewsFire) found an interesting blog for me this
> morning, and I thought I'd share it here. The blog is from Free Software
> Magazine and it's titled, "The seven sins of programmers". On the surface, it
> has nothing whatsoever to do with software security -- the word "security" is
> never even mentioned in passing -- but I believe there are some worthy
> security lessons to be gleaned from it.
>
> http://www.freesoftwaremagazine.com/blog/seven_sins
>
> Cheers,
>
> Ken
>
> -----
> Kenneth R. van Wyk
> SC-L Moderator
> KRvW Associates, LLC
> http://www.KRvW.com
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> _______________________________________________