

Bill Stewart

Wonder if Dulles said that before or after he and his brother Allen caused short-term and long-term damage in Iran, Vietnam, Cuba, Guatemala, Indonesia, the rest of Latin America, and anywhere else they could support dictatorships that opposed Communism?

If he had different problems every year, it's because he'd cause a problem in one place and then move on to the next.

Brian B

"The reason the OWASP Top Ten remains static is that we flat out have not made much progress in the past decade. [...] Same issues, different year."

AppSec is tied at the hip to Software Development - a technology discipline that refuses to mature. I hear countless stories of development organizations 'allowing' applications to progress through their SDLC without any objective quality (security) measurement whatsoever. Think: FindBugs, Sonar, Fortify, etc. When formal testing activities begin, large numbers of trivial mistakes are found - mistakes that could easily have been found and corrected by the development teams, with daily or weekly use of code quality tools.
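The "objective quality (security) measurement" the comment argues for is usually enforced as a quality gate in the pipeline: the analyzer runs on every build, its findings are compared against an accepted baseline, and the build fails when new high-severity findings appear. The following is an added example, not code from the blog or from any commenter, and it does not use FindBugs, Sonar or Fortify directly; it assumes a SARIF-style findings report (the sample document, rule ids, file paths and severity allowances below are all constructed for illustration) and implements the gate decision on top of it.

```python
"""Static-analysis quality gate over a SARIF-like findings report.

Added example (not the blog's or any tool vendor's code). Assumes the
analyzer emits a SARIF-shaped JSON document; the report below is
constructed inline so the script runs offline.
"""
import json
from dataclasses import dataclass

# Constructed sample report; rule ids and paths are illustrative only.
SAMPLE_REPORT = json.dumps({
    "runs": [{
        "tool": {"driver": {"name": "example-analyzer"}},
        "results": [
            {"ruleId": "SQL_INJECTION", "level": "error",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/db.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "HARDCODED_PASSWORD", "level": "warning",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/config.py"},
                 "region": {"startLine": 7}}}]},
            {"ruleId": "WEAK_RANDOM", "level": "warning",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/token.py"},
                 "region": {"startLine": 19}}}]},
            {"ruleId": "UNUSED_IMPORT", "level": "note",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/util.py"},
                 "region": {"startLine": 1}}}]},
        ],
    }]
})

# SARIF result levels this gate understands, in insertion order.
LEVELS = ("error", "warning", "note")


@dataclass(frozen=True)
class Finding:
    rule_id: str
    level: str
    uri: str
    line: int

    def fingerprint(self) -> str:
        # Stable key used to match a finding against the accepted baseline.
        return f"{self.rule_id}:{self.uri}:{self.line}"


def parse_findings(report_text: str) -> list:
    """Flatten a SARIF-like document into Finding records."""
    doc = json.loads(report_text)
    findings = []
    for run in doc.get("runs", []):
        for res in run.get("results", []):
            locs = res.get("locations") or [{}]
            phys = locs[0].get("physicalLocation", {})
            uri = phys.get("artifactLocation", {}).get("uri", "<unknown>")
            line = int(phys.get("region", {}).get("startLine", 0))
            level = res.get("level", "warning")
            if level not in LEVELS:
                level = "warning"  # treat unknown levels conservatively
            findings.append(Finding(res.get("ruleId", "UNKNOWN"), level, uri, line))
    return findings


def evaluate_gate(findings, baseline, max_new=None) -> dict:
    """Gate decision: fail when findings not in `baseline` exceed the
    per-level allowance in `max_new`. Existing (baselined) debt is counted
    but does not block the build, so the gate can be introduced on a
    codebase that already has findings."""
    if max_new is None:
        max_new = {"error": 0, "warning": 5, "note": 50}  # constructed policy
    counts = {lvl: 0 for lvl in LEVELS}
    new_by_level = {lvl: [] for lvl in LEVELS}
    for f in findings:
        counts[f.level] += 1
        if f.fingerprint() not in baseline:
            new_by_level[f.level].append(f)
    violations = [lvl for lvl in LEVELS
                  if len(new_by_level[lvl]) > max_new.get(lvl, 0)]
    return {
        "passed": not violations,
        "counts": counts,
        "new": {lvl: len(new_by_level[lvl]) for lvl in LEVELS},
        "violations": violations,
    }


if __name__ == "__main__":
    found = parse_findings(SAMPLE_REPORT)
    result = evaluate_gate(found, baseline=set())
    print("counts:", result["counts"], "new:", result["new"])
    print("PASS" if result["passed"] else f"FAIL on {result['violations']}")
```

The baseline is a set of fingerprints accepted at the time the gate was introduced; with an empty baseline the sample report fails on its one `error`, and once that fingerprint is baselined the same report passes because the two new warnings stay within the allowance. Fingerprinting on rule, file and line is deliberately simple; a line-number key shifts when code above it changes, so a real deployment would key on a content hash of the flagged region instead.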
