Security is a problem in technology. Whether it's technological misconfiguration, social engineering, or brute force attacks, we see a constant stream of headlines about security issues. The situation is not likely to change anytime soon as security isn't seen as a priority by many companies. If that's the case, then is there anything that can be done to improve security?
Security expert Dan Kaminsky says that we need a fundamental change in the way we write code. By rewriting the way that code is developed, rewriting the rules, we can reduce the vulnerabilities in our applications. One theory is that our languages and the coding techniques used are making it entirely too easy for vulnerabilities to creep into code.
It's an interesting theory, especially these days when it seems so many of our applications are under attack. I suspect that we have lots of poor habits ingrained in many developers. People are loath to change and they like to continue working in ways that have worked for them. However, the world of security in software changes constantly. What might have made you a very effective and productive developer five years ago might make you a liability today.
I believe that we need to somehow build new coding methods, but even more importantly, I think people who provide sample code and frameworks need to do so in a way that showcases best practices and good habits from a security perspective. That includes presenters, who should never show security issues, even if it's for the sake of simplicity. Raise the bar and your audience will come along with you.
Steve Jones