Friday, September 26, 2008
Are you an IT Security Idiot?
Instead of focusing on what not to do, perhaps you should figure out how to do something securely, and interacting with developers may be a great place to start. At the very least, you should learn enough SQL to illustrate a properly parameterized query on a whiteboard.
Maybe IT security professionals could also set an example by encouraging software developers to attend security-oriented user groups targeted at them, such as OWASP. Bill Barr nailed it when he said: I have yet to come across a "security professional" I can't send packing after speaking 3 simple words: Show me code...