Hi, Regarding training non-developers to write secure code, what are the circumstances that a non-developer would create code that would *require* security? I am assuming that system administrators know the basics of their trade and scripting language of choice so security there is taken care of BUT I fail to see other scenarios where code that would be used more than a one-off is developed by "non-programmers". Additional insight would be much appreciated :)
> Message: 1 > Date: Tue, 16 Mar 2010 21:37:03 -0500 > From: "Matt Parsons" <mparsons1...@gmail.com> > To: <owaspdal...@utdallas.edu> > [snipped]I have been a programmer and a security analyst for a few years now. > When > I first started developers told me I didn't know how to code good enough and > CISSP's told me I didn't have enough security experience. Has anyone had > any success training CISSP's and non programmers how to write code securely > and train developers how to become CISSP's and learn how to penetration > test? If not does everyone think that there would be a market for such > training? > > > > _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
