Access "Marcus Ranum chat: Software development practices and security"
This article is part of the June 2012 issue of Five actions to prepare for today’s external security threats
Marcus Ranum: Brian, thank you for taking the time to chat! I hope I'm not going to frustrate you too much if we jump straight in to what I suspect is a pain point for you. It seems to me computer programming is a game of "one step forward, two steps back" and every time there's a push for quality improvements, it's immediately offset by something that seems to encourage throwing quality to the winds. Is it a lack of tools, or are the incentives wrong/backwards? Do people just not care if their programs are buggy or full of malware? I am still semi-stunned by the fact that most "Web programming" is done in an environment of trial and error. Is that an accurate perception? What's going on? Brian Chess: This is a pain point for me, but perhaps not for the reason you suspect. I've recently taken off my code analysis hat and gotten back to writing some Web software from scratch. The last time I started this fresh was around 2000 when we were building the foundation that became NetSuite. Here are some of the things that stand out to me about software development ... Access >>>
Premium Content for Free.
Cybersecurity information sharing initiatives on the rise
by Robert Lemos, Contributor
Businesses and government agencies work to improve sharing of cyberthreat information.
Security information management systems and application monitoring
by Joel Snyder, Contributor
SIMs aren’t just for network monitoring anymore.
- Cybersecurity information sharing initiatives on the rise by Robert Lemos, Contributor
Challenges with data protection in the cloud
by Dave Shackleford
Capabilities such as encryption and DLP can be complicated in the cloud.
CISPA cybersecurity legislation wins industry support
by Robert Westervelt, News Director
Legislation designed to provide the federal government with threat data from the private sector gains steam.
- Challenges with data protection in the cloud by Dave Shackleford
Reporter notebook: SCADA security, Oracle vulnerability, SQL Slammer
by Michael S. Mimoso, Editorial Director
Reflections on the ICS CERT alert, Oracle’s handling of a zero-day and more.
Marcus Ranum chat: Software development practices and security
by Marcus Ranum, Contributor
Security expert Marcus Ranum talks with Brian Chess, formerly of HP, about coding practices and security.
Information security threats: Building risk resilience
by Steve Durbin, Contributor
Enterprises need an agile risk management strategy to deal with today’s evolving threats.
- Reporter notebook: SCADA security, Oracle vulnerability, SQL Slammer by Michael S. Mimoso, Editorial Director
More Premium Content Accessible For Free
In this special issue, we are revealing the winners of our Security 7 awards. This is the ninth year we've handed out the Security 7 awards, which ...
Cloud and mobility in the enterprise has caused a heightened need for organizations to take a closer look at next generation authentication ...
Virtualization and cloud computing are part and parcel of enterprise networks today. Virtualization security, however, is still a bolt-on affair ...