


Nice article but if I may add my 2 cents --


1. Developers are always given very little time to complete their project & all these years, security was not on their list.

2. Core developers who actually do coding are very few in any Enterprise. All we have is Developers just working on a project without complete knowledge or command of the code, just fulfilling business requirements.

3. The mindset of Developers always craves to be a project manager/program manager/delivery manager, etc. Never towards 'build a secure & great code'. Well, the companies expect the same too.

Security Professionals:

1. If Developers have the 'secure' knowledge, then any company will cut the number of security professionals to a minimum, because the majority of companies don't care for security unless a big financial breach happens.

2. A great Developer can be a good Security guy, but a great security guy can never be a good Developer.

3. The budget allocated to the 'Info sec' division in an Enterprise is less than that of the 'Physical Sec' division. That's why people don't stick to quality of work.


John Wilander

Hi Sarath! John Wilander here.

Interesting thoughts. However, I disagree with point three under Developer. I'd say very few good developers want to leave their profession and be a manager of some sort. Good developers love code.
