Being knowledgable in the field of information security is useful and beneficial. However, it’s not sufficient, and while it’s (somewhat) easy to argue that it’s necessary there’s a big gap between being a security expert and making software better, or even making software more secure. The security interaction on many projects goes something like this: [...]
Context @unclebobmartin said: One of the bad behaviors that destroys projects is “irresponsible tolerance”. Tolerating what you know you should fix. This triggered a discussion between @phil_nash and myself. As far as this got on the Twitters, we agreed that it’s not necessarily irresponsible to ignore a problem for now as long as what you’re [...]
I have previously written on the economics of software insecurity, and I quote a couple of paragraphs from that post below: One option that is not fully explored in the book, but which I believe could be worth exploring, is this: development of critical infrastructure software could be taken away from the free market. Now [...]
This post is mainly motivated by having read Geekonomics: the real cost of insecure software, by David Rice. Since writing the book Rice has apparently been hired by Apple, though his bio at the Geekonomics site doesn’t mention that (nor his LinkedIn profile). Geekonomics is a thoroughly interesting read. It’s evidently designed as a call [...]