A Tale of Two Market Sizes

Discussion in 'other security issues & news' started by Dermot7, Feb 9, 2012.

Thread Status:
Not open for further replies.
  1. Dermot7

    Dermot7 Registered Member

    Joined: Dec 20, 2009
    Posts: 3,196
    Location: Surrey, England.
    https://www.veracode.com/blog/2012/02/a-tale-of-two-market-sizes/
     
  2. BrandiCandi

    BrandiCandi Guest

    Hmm... so what he's saying is we should keep on churning out crappy programs. Then we should test them (which is shockingly difficult & ineffective by the way). Then we spend a huge amount of time & money fixing the crappy code.

    The whole process seems backwards to me: create something broken and then try to fix it. That's like getting pregnant then buying condoms.

    Call me crazy but maybe we should collectively STOP WRITING CRAPPY PROGRAMS IN THE FIRST PLACE. Did the author consider architecture in his analysis of application security measures? If you start with a good architecture that builds in the prevention of known security flaws (even really basic like escaping user input), then there may be less reason to security test it afterwards. Never mind that programmers should know how to avoid writing code with basic vulnerabilities. Whose responsibility is it to make sure they know that (or care)?
     