


I have a different experience than you, among young Java Developers. For the most part, they want to 'code it and see how it works', and are completely unfamiliar with or disinterested in measuring design or security robustness and integrity through the use of (say) Static Analysis tools.

Where I work, it is the experienced developers who were doing big projects in C during 1985-1995, seeing big buggy always-crashing software projects canceled due to not using memory-leak detection tools, who are BY FAR the most receptive to software security measurement.

I admit this is a tangent to your post, but I find this 'generational' or professional-experience difference very interesting. Is there a current analog for messy big projects in C from that era?
