I saw this posted late last week – SearchSoftwareQuality.com has a Q&A with Michael Howard about software security. He has some great insights:
- Every organization and every development team has a problem with security. The first step to addressing the problem is to admit this.
- There is nothing magical about security that only high priests can understand. Everyone can understand and apply the basics.
- Tools are great and they have their place, but they are not a panacea. They are risky because too many organizations think they are one.
Check it out!
dan _at_ denimgroup.com