


You're missing a big point here: you need to enable developers. Train them, give them secure coding tools like ESAPI, have assessment resources work with them, and give them time to fight the "legacy issue". The entire business needs to take ownership, not just your developers.


@Manicode: those are all excellent examples; I should have mentioned them.
