There is little doubt that it’s difficult to develop secure software. First, you need to be aware of the need for security, accepting it as an important element of software quality. This is generally not something we learn in school. Not that it matters much, given how many developers are skipping education only to dive straight into building software.
Programming has always been something people can pick up, for better or worse. This is especially true today, with the ridiculous pace at which the Internet is growing and the seemingly permanent skills shortage. Because security awareness is not the norm, chances are that newcomers are going to miss it.
Those few who are aware of the pressing need for security will find that the awareness alone isn’t enough. Because most technologies we use today are insecure by default or can be turned insecure by even the slightest mistakes, and given that the documentation is massively lacking, it takes great skill to navigate the development landscape to avoid the security pitfalls. In essence, we have to be security experts and software developers. How likely is that?
full article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.