Friday, July 16, 2010

"Why Can't Johnny Develop Secure Software?"

"Why Can't Johnny Develop Secure Software?"

What a great article from darkreading.com. It points out what I've been saying all along and has some nice insight too. Not that I need or want validation -- I know the truth about developers and the lack of secure programming -- it is just nice to see bigger names and bigger press about the issue. The more we see about this, the more likely things are to change.

Best quote of the article:
But nearly all experts agree that no matter how strong the training effort, the average developer will never be very security-savvy. "They're always going to be more focused on code quality and trying to meet their deadlines," Sima says. "If I'm a developer, as soon as I've been assigned a project, I'm already behind. If there's a faster way to do something, they're going to take it, because for them speed is more important than security."