In today's world of massive software development projects being started every day, and new websites being published almost every minute, the question for many organizations is "Where should security be enforced?" For way too many companies, this question never comes up in meetings with developers, and even worse, in meetings with senior management. I cannot count the times that I have been asked, "Who would want to do that?" or "Why would someone go through all that trouble just to put a pop-up box on the screen?" Obviously, these people do not get security, and educating them to a point where they will is going to take some effort. In the meantime, projects are going to continue to get developed and bugs are going to continuously be pushed out to the masses and get exploited.
Nonetheless, we still have to answer the question of "Where should security be enforced?" To me, this question is simple: in every step of the software development life cycle.
From conception to design to maintenance and support, security is a relevant part of any new application, and is paramount in the patches that go out to fix existing vulnerabilities. Without security viewed as a feature, software will never be as secure as it could be.