The Dark Reading website has an article about the lack of implementation of the Secure Development Lifecycle by real-world developers:
Real-World Developers Still Not Coding Securely - Dark Reading
One of the problems highlighted is that programmers are not trained in secure programming, and much of the lack of training comes down to a lack of time: a developer is only productive if they produce code for an application, and there is a demand to get applications out quickly.
Learning secure coding principles and implementing them takes time that the business is just not giving its developers. However, universities and colleges should be helping business by teaching at least the basics of secure programming to undergraduates.
It is not just secure programming that is important, though. The testing of the finished application before release has to be complete and must cover testing for vulnerabilities.
The article does finish with a quote from Rob Rachwald, director of security strategy, Imperva, "SDLCs are nice but vulnerabilities are inevitable and enterprises shouldn't let secure coding practices lull them into a false sense of security."