Saturday, June 14, 2008
Why do large enterprises allow their IT Outsourcing firms to deliver low quality code?
So, why are customers of Cognizant, Wipro, TCS, Infosys and other Indian outsourcing firms still not requesting that the individuals assigned to their account actually understand at least the basics of secure software development? The funny thing is that folks in India actually have great access to user groups such as OWASP but attendance is abysmal. I don't really care about the cultural aspects for non-participation in a community, I do however care that code is written securely in the first place.
Did you know that the folks in Delhi are having a two day conference on application security? I bet pretty much all of the folks who read my blog who reside in India will be busy making up excuses for why they can't attend and even won't lift a figure to encourage others from their firm to participate. Is this what we desire as a behavior model from outsourcing firms...
Links to this post: