Comments on: Security Justice – Episode 8 http://securityjustice.com/archives/39 A security podcast from Cleveland, Ohio. We talk about security regarding technology and computers but also provide information and news about physical security. Keeping things simple with a good balance between technical, non-technical, and having fun while talking about security is what we are all about! Recorded live in a local pub with audience participation. Thu, 27 Jan 2011 20:40:37 +0000 hourly 1 By: Brandon Knight http://securityjustice.com/archives/39/comment-page-1#comment-113 Brandon Knight Wed, 31 Dec 2008 18:56:10 +0000 http://securityjustice.com/?p=39#comment-113 Regarding pen testing, I certainly think there will always be a need to perform some level of this as we're talking about software written by humans. It's never going to be perfect, and there will be flaws. However, I strongly feel that we still put *way* too much attention on after the fact testing and not enough in training developers. How many college CS programs teach or even bring up the proper and secure way to write code? It's more about functional programming and less to do with proper validation,sanity checking, memory management, etc. This stuff needs to be ingrained so that devs can't just fall back to the easy way out when the deadline/manager is breathing down their neck. This is definitely a larger discussion than a comment box though so I'll stop here. :-) Regarding pen testing, I certainly think there will always be a need to perform some level of this as we’re talking about software written by humans. It’s never going to be perfect, and there will be flaws. However, I strongly feel that we still put *way* too much attention on after the fact testing and not enough in training developers. How many college CS programs teach or even bring up the proper and secure way to write code? It’s more about functional programming and less to do with proper validation,sanity checking, memory management, etc. This stuff needs to be ingrained so that devs can’t just fall back to the easy way out when the deadline/manager is breathing down their neck. This is definitely a larger discussion than a comment box though so I’ll stop here. :-)

]]> By: Kevin Riggins http://securityjustice.com/archives/39/comment-page-1#comment-112 Kevin Riggins Tue, 23 Dec 2008 22:52:27 +0000 http://securityjustice.com/?p=39#comment-112 Thanks for the shout-out guys. Glad the how-to helped. -Kevin Thanks for the shout-out guys. Glad the how-to helped.

-Kevin

]]>