Pro+ Content/Information Security magazine

June 2007

Viewpoint: Blame software insecurity on project managers

Blame Begins at Top

I believe Edward Adams' frustrations ("Straw House," March 2007) are misguided. The article pins the blame for security flaws on developers. I believe this is incorrect; it's not the lack of academic security training that leads software developers to write code with holes, but rather the project managers' and systems analysts' lack of security awareness. Security must always flow from the top down. Customers do not understand the importance of ensuring their products are coded securely. However, as with all too many security-related activities, awareness is often not realized until it is too late. Mr. Adams' article would argue that it is the developer's job to make customers aware. I would disagree. It begins with the systems analysts who have the most contact with the customer. If these analysts were to properly communicate that specific functionality would require steps to ensure secure coding, and stood their ground to ensure software was not released until these steps had been met, today's software may ...


Features in this issue

  • SIMs maturing and suitable for mid-market

    Security information management systems (SIMs) have expanded with more capabilities, such as active threat response. The broadening of the technology will provide security managers with a sharper view of their overall security posture.

  • Product review: nCircle Configuration Compliance Manager

    nCircle Configuration Compliance Manager brings policy compliance and security management into one centralized software suite. It provides vulnerability scanning via third-party scanners such as Nessus. This product review rates the software's ease of installation, features and effectiveness.

  • Encryption key management blunders can render deployments useless

    Encryption sounds like an ideal way to protect data, but key management, including accountability, training, and enforcement of password complexity, is challenging.
