- Jul 22, 2014
Code development should have security built in from the start to avoid headaches further along the line, and tools and processes exist to make this possible.
Speaking at the Checkmarx “Shift Left” conference in central London, security researcher Troy Hunt said that it is hard to put numbers on security of code, and it is hard to look at code once it is written and determine if it is good or bad, but if it is bad, it “will cost so much to manage in future.”
Speaking on 'Software Security and Early Prevention of Vulnerable Code', Hunt said that it is educational to go through people’s software, and at a late stage you can “find entertaining vulnerabilities at this stage”.
He said: “It is insightful as often it is the expectation that no one does bad stuff to your software, and ‘no matter what, people screw it up for us’. If we think we use software used in the way it is designed and intended to be used, we are going to have a problem.”
...more in the link above.
...from the series "to prevent is better than to heal"....