Are universities to blame for programmers' lack of skills in secure coding? Is the industry's preoccupation with functions and performance the cause? How much responsibility rests with programmers themselves? Share your opinion.
Security Training Falling Through the Education Cracks
Even today, the average developer is insufficiently trained in secure coding practices, and few universities are paying any attention. A panel of experts discusses where the blame—and responsibility—for security training lies.
by Glen Kunene, Senior Editor
February 22, 2005
an Francisco, Calif.—"Ninety-nine percent of the people want to write secure code," said panelist Ira Winkler, at the Secure Software Forum last week, "they just don't know how." Winkler, Global Security Strategist for CSC Consulting, was one of 12 panelists at the SPI Dynamics-hosted event, and his comment was at the core of the main point of contention during the 90-minute discussion about the security process in software development lifecycles.
"The people" to whom Winkler was referring are software developers, who many of the panelists (mostly senior security officers and consultants) believe lack the necessary secure coding skills for their organizations. As many of them have been forced to supplement those skills through training, they voiced dissatisfaction with the colleges and universities who are graduating these programmers with computer science degrees.
It's quick, easy and you get access to all the articles on DevX.
This registration/login is to allow you to read articles on devx.com. Already a member?
To become a member of DevX.com create your Member Profile by completing the form below. Membership is free!
an Francisco, Calif.—"Ninety-nine percent of the people want to write secure code," said panelist Ira Winkler, at the Secure Software Forum last week, "they just don't know how." Winkler, Global Security Strategist for CSC Consulting, was one of 12 panelists at the SPI Dynamics-hosted event, and his comment was at the core of the main point of contention during the 90-minute discussion about the security process in software development lifecycles.
