Software problems caused by lack of experience and knowledge amongst writers

Problems in the writing of software could be caused by a lack of training, according to a security expert.


Jacob West, manager of the security research group at Fortify Software, claimed that after working on the CWE/SANS top 25 most dangerous programming errors, he realised that there is a potential problem with a lack of knowledge about building software.

West said: “Most of the people who build software are focused on things other than security; these people are making security-critical decisions on a daily basis, but they can't afford to become security experts as they've got other things to worry about.

“Security is a complicated field and we can't expect everyone to become experts. Software developers and architects, quality assurance testers, and operations engineers all have a wide range of responsibilities.”

He further claimed that the best chance to develop secure software is to get non-experts to make meaningful contributions, and to enable them to get security right by teaching them skills and tools and arming them with the right processes.

West said: “Despite a sunny outlook, most people building software today have received no formal training on software security. Projects like the OWASP Top 10 and the CWE/SANS Top 25 focus attention on the problems that are causing the most pain, serve as fodder for training programs, and generally increase awareness among non-experts.”

See original article on scmagazineus.com
Copyright © SC Magazine, US edition