Secure coding? Absolutely
Many people are convinced that because we can't have perfect code, we shouldn't even try for good code. It's nonsense to give up on writing better code, especially when we appear to have plenty of time to invent new technologies that don't solve our problems.
Briney wrote, "Risk reduction is all about reducing vulnerabilities, mitigating threats and lowering event costs." However, most customers have almost no information on the security-worthiness of the products they buy, and some risks can't be mitigated at all. The single best thing the industry can do to reduce users' risk is to write better software.
By Mary Ann Davidson at Information Security Magazine.
[ Read more ]
- Review: Secure Coding: Principles & Practices (17 October 2003)
- Review: Building Secure Software: How to Avoid Security Problems the Right Way (18 August 2002)