From my experience all software developers are now security engineers wether they know it, admit to it or do it. Your code is now the security of the org you work for. #GoldenAgeOfDefense
I dunno, just because you're stabbing people don't mean you're a surgeon... But I suppose that directly makes your point. Every engineer can "cut an artery" with the simplest of patches..
As Pink Floyd once sang many years ago “Careful with that axe, Eugene!”
What similarities and differences are there in the definitions of developer and engineer? How does the term engineer compare between the software industry and other industries? 🤔
Developers write code and specialize in React or .NET and similar. An engineer, however, is solving broader, technical problems beyond just coding in a specific framework. Engineers are typically architects and full solution providers and consider a lot more of the SDLC.
Jim in your opinion, what's the most positive way to get this across? I really want to get this message across, but at times I feel it just falls on deaf ears. I also want it to be a positive message, not the usual "security people nagging me again" message.
Just passed my CISSP exam - pending endorsement...
That’s fantastic! Congratulations! 🤘🏼
Information Security concerns every one of us. DevSecOps for the win.
I don't always do AppSec, but when I do, it's DevOps. Stay automated, my friends.
Yeah... agree. I would add that: Secure software is an expense (or expensive property), at least in the upfront part of life cycle. The real difficulty is how to sell it.
Several years later I’m gonna have to agree with you that secure software is very expensive to build - it’s much easier especially at first to just slap out whatever that’s barely working and get it live and fix it later
Hey Jim, what’s your opinion on security champions? Any experience with that concept?
I think it’s fundamental, especially in big companies where devs massively outnumber AppSec staff. Identifying, promoting and supporting devs who deeply understand security and communicate well with other devs on security - is fundamental to good AppSec programs!
When has this not been the case? Secure software is about quality software.
So I strongly disagree that secure software is about quality, even though they are related. Secure software construction is a •highly specialized skill• and is very expensive and difficult to build today.
wether is spelled "whether"...Twitter needs a darn "edit" button for Pete's sake.
Well weather or not I spelled it right I agree Twitter needs an edit feature!
Not another one-thing-fits-all situation. It is possible to have a platform that allows the separation of concerns. Architecturally, it is not efficient for one developer/engineer to be proficient in all layers. We need automation, separation of concerns and good architecture.
I did not know you could separate security as a concern in any form of software development. 🤷🏻‍♂️
Well, that is the way it should be. But most coders don’t think or, more importantly, aren’t measured on security first. This goes all the way back to college. Both students got an A; one program was twice as long because all inputs were checked. Not the right incentive.
I agree. My entire career has been focused on this to the exclusion of almost everything else.