PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
March 2002

Coder hubris: Learning security before practicing it

I can't remember the last time I used Microsoft as an example of good security practices. But the recent news that Bill Gates is sending 8,000 of his coders back to security school demonstrates his understanding of a fundamental programming principle: Being good doesn't always mean you're good enough. There's something about being handy with a computer that tends to go to your head -- Gates more than anyone probably recognizes this. The power of being able to manipulate all those bits makes you think you're invincible. Such bright and ambitious coders are just the type Microsoft likes to hire. By sending all his young techno-bellybumpers back to school, Gates is finally admitting that the process of creating secure code is not intuitively obvious, but must be learned. The phenomenon of "coder hubris" takes many forms. Some attempt to create things before they've acquired the necessary expertise. Others try to reinvent the wheel rather than learning from the mistakes of the past. My first observation of coder hubris came very ...

Access this PRO+ Content for Free!

Features in this issue

Columns in this issue