Software problems caused by lack of experience and knowledge amongst writers

By

Problems in the writing of software could be caused by a lack of training, according to a security expert.


Problems in the writing of software could be caused by a lack of training, according to a security expert.

Jacob West, manager of the security research group at Fortify Software, claimed that after working on the CWE/SANS top 25 most dangerous programming errors, he realised that there is a potential problem with a lack of knowledge about building software.

West said: “Most of the people who build software are focused on things other than security, these people are making security-critical decisions on a daily basis, but they can't afford to become security experts as they've got other things to worry about.

“Security is a complicated field and we can't expect everyone to become experts. Software developers and architects, quality assurance testers, and operations engineers all have a wide range of responsibilities.”

He further claimed that the best chance to develop secure software is to get non-experts to make meaningful contributions, and enable them to get security right by teaching skills, tools and arming them with the right processes.

West said: “Despite a sunny outlook, most people building software today have received no formal training on software security. Projects like the OWASP Top 10 and the CWE/SANS Top 25 focus attention on the problems that are causing the most pain, serve as fodder for training programs, and generally increase awareness among non-experts.”

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Phishing attack nets enormous npm supply chain compromise

Phishing attack nets enormous npm supply chain compromise

"VoidProxy" PhishKit targets Google and Microsoft users

"VoidProxy" PhishKit targets Google and Microsoft users

Apple adds "mercenary spyware" protection to new A19 chip

Apple adds "mercenary spyware" protection to new A19 chip

VicRoads to phase out passwords in favour of passkeys

VicRoads to phase out passwords in favour of passkeys

Log In

  |  Forgot your password?