Tuesday, February 26, 2008
Ways to learn about software security for free!
Have you ever considered that if you aren't asking software vendors and consulting firms about how their employees learn about software security, that maybe they aren't putting time into learning at all...
Security is the job of everyone, yet in most consulting firms they haven't spent a single nickel in terms of learning about software security. This is especially prevalent in consulting firms that focus on ECM, BPM and SOA. After all, if you are going to be exposing these systems to the outside world, wouldn't you want to know that they are secure?
The next time you talk with one of the offshore firms, ask them to enumerate in detail the training that their developers go through in order to learn secure coding practices. If you don't, you will pay for them to rewrite the code in the outsourcing model a second time once you get breached.
Of course, many folks have complained about the low quality of code being written in India outsourcing firms and are still struggling with basic functionality while not even worrying about security. While it is good that the masses are learning to become developers on your nickel, it is still important that everyone have the same body of knowledge.
On the chance that the issue is budget, then you may want to know that OWASP has an answer. Simply find the closest chapter to you and make sure you attend their next meeting.Maybe your firm is even ethical and able to step up and sponsor food and beverages.
If you are in the MA/NY/CT area, you will notice there is a chapter meeting in Hartford on Thursday, so there is no excuse for you to remain ignorant to how to make software more secure...
| | View blog reactionsSecurity is the job of everyone, yet in most consulting firms they haven't spent a single nickel in terms of learning about software security. This is especially prevalent in consulting firms that focus on ECM, BPM and SOA. After all, if you are going to be exposing these systems to the outside world, wouldn't you want to know that they are secure?
The next time you talk with one of the offshore firms, ask them to enumerate in detail the training that their developers go through in order to learn secure coding practices. If you don't, you will pay for them to rewrite the code in the outsourcing model a second time once you get breached.
Of course, many folks have complained about the low quality of code being written in India outsourcing firms and are still struggling with basic functionality while not even worrying about security. While it is good that the masses are learning to become developers on your nickel, it is still important that everyone have the same body of knowledge.
On the chance that the issue is budget, then you may want to know that OWASP has an answer. Simply find the closest chapter to you and make sure you attend their next meeting.Maybe your firm is even ethical and able to step up and sponsor food and beverages.
If you are in the MA/NY/CT area, you will notice there is a chapter meeting in Hartford on Thursday, so there is no excuse for you to remain ignorant to how to make software more secure...
