Software problems caused by lack of experience and knowledge amongst writers

By

Problems in the writing of software could be caused by a lack of training, according to a security expert.


Problems in the writing of software could be caused by a lack of training, according to a security expert.

Jacob West, manager of the security research group at Fortify Software, claimed that after working on the CWE/SANS top 25 most dangerous programming errors, he realised that there is a potential problem with a lack of knowledge about building software.

West said: “Most of the people who build software are focused on things other than security, these people are making security-critical decisions on a daily basis, but they can't afford to become security experts as they've got other things to worry about.

“Security is a complicated field and we can't expect everyone to become experts. Software developers and architects, quality assurance testers, and operations engineers all have a wide range of responsibilities.”

He further claimed that the best chance to develop secure software is to get non-experts to make meaningful contributions, and enable them to get security right by teaching skills, tools and arming them with the right processes.

West said: “Despite a sunny outlook, most people building software today have received no formal training on software security. Projects like the OWASP Top 10 and the CWE/SANS Top 25 focus attention on the problems that are causing the most pain, serve as fodder for training programs, and generally increase awareness among non-experts.”

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

WestJet probes cyber security incident

WestJet probes cyber security incident

Log In

  |  Forgot your password?