Access and Feeds

Security: Rethinking Priorities for Software Development

By Dick Weisinger

Bulletproof software might be the ideal, but achieving it can be elusive. A report from Veracode found that 85 percent of all software had at least one vulnerability and that 13 percent of all software has at least one high-severity flaw. It’s likely that those numbers are low.

The problem is that development teams often assign security a low priority. Developers are typically more concerned with application speed and usability and just getting software released so that users can start working with it. The release date and frequency of release often overrule all other priorities.

The best way to put higher priority on security for there to be a change in company leadership priorities.

Allan Wintersieck, CTO at Devetry, said that “the hardest part is caring about the issues the team raises and actually acting on them. If someone brings up a valid security concern that will take a week to fix, then you have to delay your release by a week and fix it. Your actions are louder than your words. If you tell everyone you care about security, but never make any sacrifices for it, then the team will know it’s hollow and meaningless and promptly stop caring no matter what you say.”

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Leave a Reply

Your email address will not be published. Required fields are marked *

*

5 − 4 =