Premium Content

Access "Secure coding essential to risk mitigation planning"

Andrew Briney, Information Security magazine Published: 21 Dec 2012
IDSes takes aim: Emerging

This article is part of the January 2004 issue of IDSes takes aim: Emerging "target-based" systems improve intrusion defense

"The root of the vulnerability problem is that programmers don't know how to code securely. If programmers were taught security in the first place, my job would be 100 times easier." How many times have you heard this? All together now, repeat after me: Not gonna happen. Don't get me wrong. Building secure software is a laudable goal. It boosts productivity and reduces costs. According to one study, it's 6.5 times more expensive to fix a security problem in the implementation phase than in the design phase of a software rollout. By the time you get to the maintenance phase, it's 100 times more expensive. But we'll burn too much time and energy chasing a totally impractical objective. Secure programming is an oxymoron because none of the parties who could make it happen on a broad scale are properly "incentivized." Industry leaders care about two things: how to make more money and how to spend less. The notion that secure programming helps them increase efficiency and cut costs in the long run ignores the fact that it's faster and cheaper to build crappy ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Already a member? Login to access this content.

What's Inside

Features

More Premium Content Accessible For Free

Back to top