We have to make it easier for developers to build secure apps, especially Web apps. We can't keep forcing everybody who builds an application to understand and plug all of the stupid holes in how the Web works on their own, and to do this perfectly right every time. What we need is for implementation-level security issues to be taken care of at the language and framework level, so that developers can focus on their real jobs: solving design problems and writing code that works.
Go to the SANS Application Security Street Fighter for my latest post on how to write safer software using secure frameworks, and application frameworks that are secure, and to read more about the OWASP Developer Outreach.
Hi Jim,
Awesome blog! Is there an email address I can contact you in private?
I'm a community leader on a network of developer websites. I really liked your DevOps content and thought you might be interested in some extra exposure on our sites. Send me an email at ross [at] dzone [dot] com and I can explain all the details.