Access your Pro+ Content below.
Oracle's Mary Ann Davidson: Secure coding? Absolutely!
This article is part of the Information Security magazine issue of March 2004
Andrew Briney's Secure coding? Bah! article struck a chord, as it should have been titled "Secure coding? Absolutely!" Given that the software industry as a whole has never made a concerted effort to write better code, it's far too early to throw in the towel. Many are convinced that because we can't have perfect code, we shouldn't even try for good code. It's nonsense to give up on writing better code, especially when we appear to have plenty of time to invent new technologies that don't solve our problems. Briney said, "Risk reduction is all about reducing vulnerabilities, mitigating threats and lowering event costs." However, most customers have almost no information on the security-worthiness of the products they buy, and some risks can't be mitigated. The single best thing the industry can do to mitigate users' risk is to write better software. Software development must improve because software has become part of our critical infrastructure. As such, software development should be held to the same standards as other facets ...