Arian J. Evans wrote:
> Overall security is not a feature or a function that you can monetarize.
> It's not even cool or sexy. It's an emergent behavior that is only
> observed when it is making your software harder to use.

Maybe it is just the US Department of Defense environment where I am 
currently working but I see developers start to see this as cool and 
sexy. Most are picking it up quickly and a few are even interested in 
diving in deep into the security world. They ask great questions and are 
doing a lot of independent research on it. We are in an environment 
where they get security awareness training a few times a year and are 
constantly bombarded with security messages but some of them really are 
getting into it. It gives them something new to learn and it is driving 
them to go deeper into some development subjects that they normally 
would not ever be allowed to look at due to delivery schedules. Security 
is giving them a good excuse to go learn more.

Mike Lyman

Secure Coding mailing list (SC-L)
List information, subscriptions, etc -
List charter available at -
SC-L is hosted and moderated by KRvW Associates, LLC (
as a free, non-commercial service to the software security community.

Reply via email to