Jacob West, manager of the security research group at Fortify Software, claimed that after working on the CWE/SANS top 25 most dangerous programming errors, he realised that there is a potential problem with a lack of knowledge about building software.
West said: “Most of the people who build software are focused on things other than security, these people are making security-critical decisions on a daily basis, but they can't afford to become security experts as they've got other things to worry about.
“Security is a complicated field and we can't expect everyone to become experts. Software developers and architects, quality assurance testers, and operations engineers all have a wide range of responsibilities.”
He further claimed that the best chance to develop secure software is to get non-experts to make meaningful contributions, and enable them to get security right by teaching skills, tools and arming them with the right processes.
West said: “Despite a sunny outlook, most people building software today have received no formal training on software security. Projects like the OWASP Top 10 and the CWE/SANS Top 25 focus attention on the problems that are causing the most pain, serve as fodder for training programs, and generally increase awareness among non-experts.”
See original article on scmagazineus.com
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
Private AI vs Public AI: How your organisation can securely adopt AI without compromise and excessive cost
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
