-BEGIN PGP SIGNED MESSAGE-
While you are exactly right that developers write bad code,
we shouldn't leave the developers out in the cold and just
say You are the problem.
Learn to write better code. If there are code auditing and
Ah, my original email wasn't verbose enough. I meant, as others have
pointed out, that there is no one solution but organizations must use
multiple solutions. Code audits won't save you and neither will only
The point of my email was more of a vent because most people, and
media it seems, assume more and more technology is the answer to
security problems. Maybe we should focus more on the developer AND
give them the tools.
We allow developers to have debuggers, right? Why not let
them have code tools that scan for stupid errors like buffer
overflows in their code? It's just another tool in the
toolbox. Great developers, like great artists, still must be
fluent with their tools.
I 100% agree but want to emphasize that developer education and tools
go hand in hand. If you only use one you are only solving part of the
Hope that clears up my initial email.
Michael A. Davis
Chief Executive Officer
Savid Technologies, Inc.
-BEGIN PGP SIGNATURE-
Version: PGP 8.0.3
-END PGP SIGNATURE-