-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> While you are exactly right that developers write bad code,
> we shouldn't leave the developers out in the cold and just
> say "You are the problem. Learn to write better code."
> If there are code auditing and

Ah, my original email wasn't verbose enough. I meant, as others have pointed out, that there is no one solution but organizations must use multiple solutions. Code audits won't save you and neither will only educating developers. The point of my email was more of a vent because most people, and media it seems, assume more and more technology is the answer to security problems. Maybe we should focus more on the developer AND give them the tools.

> We allow developers to have debuggers, right? Why not let
> them have code tools that scan for stupid errors like buffer
> overflows in their code? It's just another tool in the
> toolbox. Great developers, like great artists, still must be
> fluent with their tools.

I 100% agree but want to emphasize that developer education and tools go hand in hand. If you only use one you are only solving part of the problem.

Hope that clears up my initial email.

Thanks,

Michael A. Davis
Chief Executive Officer
Savid Technologies, Inc.
http://www.savidtech.com

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQIWfXNo69WASbsMmEQJvYwCeLtX+ha9i+xmbQO1xirrEm15nOo4AoMc4
PRWw9Ft+6Og9UxmPlvzGQ3sT
=a2pT
-----END PGP SIGNATURE-----