Personally I think secure coding should be included in the entire
curriculum irrespective of the level. People learn habits early on
that they tend to carry for as long as they are programmers. How many
programmers that learned the K&R style of indentation for example
continue to use it as their

I have been working on developing a series of documents to turn the
ideas encompassed on this list and in what I can find in books and
articles. I am not finding, and it may just be I am looking in the
wrong places, for any information on how people are actually
implementing the concepts. I have

Overall I concur with Bruce on this. PCI has too broad of a
constituent base to cover to be truly effective. Some fixes were
added after the TJX breach, but look at how much TJX paid versus how
much they laid aside to pay. I am betting that the TJX lawyers
produced documents showing that they

Once an application is released or put into production, what are
organizations doing to keep the applications secure? As new
vulnerabilities and classes of exploits are released, how is that
information being fed back to developers so they can update/patch in
the software? At the network most