Friday, September 26, 2008


Are you an IT Security Idiot?

How often do you pontificate that others need to look at IT security holistically, while in your own daily practice you eschew secure software development? Do you continue to allow your lack of a software development background to become an impediment to making your enterprise truly secure?

Instead of focusing on what not to do, perhaps you should figure out how to focus on doing something securely, and interaction with developers may be a great place to start. At the very least, you should learn enough SQL that a properly parameterized query can be illustrated on a whiteboard.
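The whiteboard comparison the author has in mind, as an added example that is not part of the original post: a string-concatenated query beside its parameterized form, run against a constructed in-memory SQLite table (the table, rows and function names are assumptions for illustration).

```python
import sqlite3


def build_db():
    """Constructed sample data (not from the post): a tiny users table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def find_user_unsafe(conn, username):
    # The input is spliced into the SQL text, so the database parses it as SQL
    # grammar, not as a value. Shown only as the 'before' picture.
    sql = "SELECT username FROM users WHERE username = '" + username + "' ORDER BY username"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, username):
    # Parameterized: the statement is fixed, the value travels separately and
    # can only ever be compared as data, whatever characters it contains.
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]


def compare(username):
    """Run both forms on the same input; returns (unsafe_rows, safe_rows)."""
    conn = build_db()
    return find_user_unsafe(conn, username), find_user_safe(conn, username)


if __name__ == "__main__":
    # A benign name behaves the same either way ...
    print(compare("alice"))
    # ... but a value containing a quote changes the query's meaning in the
    # concatenated form while the parameterized form simply finds no such user.
    print(compare("nobody' OR '1'='1"))
```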

Maybe IT security professionals could also consider setting an example by encouraging software developers to attend security-oriented user groups targeted at them, such as OWASP. Bill Barr nailed it when he said: "I have yet to come across a 'security professional' I can't send packing after speaking three simple words: Show me code..."

