The "just get the bloody thing to work" is usually an attitude foisted
on developers by the business side.
I work in an internal application security function for a large
enterprise and I'm yet to meet a developer who wasn't concerned about
security.
Developer education is very important and we h
I've always thought systrace was nifty
http://www.citi.umich.edu/u/provos/systrace/
It's on a different level than .net/java, but I don't see why
something like that couldn't be built in to the CLR.
As to developers vs management, unless there is high level support for
security, developers are al
Hi All
Thank you for your replies, they have been very useful and will
certainly help identifying things that need to appear in the standard.
We're trying to make the standard something that is easily auditable,
and have decided to further split items into two categories, those that
should be checked
Hi all
I've been tasked with developing a secure coding standard for my
employer. This will be a policy tool used to get developers to fix
issues in their code after an audit, and also hopefully be of use to
developers as they work to ensure they are compliant. The kicker is it
needs to cover thin
Thanks for this, many interesting points. Many of them, such as
quality of auditors and the vagueness of requirements/specifications
are structural issues present in all industries that will never go
away. There's never enough good people. If you're a shit hot
accountant you're going to be off maki
On Dec 3, 2007 8:34 AM, silky <[EMAIL PROTECTED]> wrote:
>
> how does anyone know how to hire anyone for a job that they themselves
> aren't qualified for? well, you pay professionals to do it.
> recruitment agents. this should be part of their role. and absolutely
> agreed; most certification is u
This strikes me as largely meaningless, bordering on good news. More
bugs found = more bugs fixed = more secure software.
I don't really think you can compare the numbers from 2001 and 2006
though. There's way more people looking for bugs now than there were
in 2001. Maybe there were more bugs arou
On 11/7/06, Wall, Kevin <[EMAIL PROTECTED]> wrote:
>
> Developers have to cut corners somewhere, and since security issues
> are not paramount, that's often what gets overlooked.
>
This is the biggest issue I think. It gets overlooked because
management don't value it. Partly because it's expensive