And as soon as these new developers hit the 'real world,' their manager will say: "I don't want it secure, I want it now!" When do managers get training on setting reasonable deadlines, performing code reviews, and putting security in the project plan? When do CXOs learn to empower management to pay attention to security and realize that 'you pay now, or you pay more later'?

Is this just a good press release for Microsoft, or do they really believe this will make a difference in the long run? Are they going about this in the right way? Teaching how to break into software and then fix it? Shouldn't they be teaching how to do it right in the first place in _every single_ development class they teach, instead of pushing security for only 11 weeks in a special class?

I think a curriculum change might work better. Maybe even grading down programs with security problems in any class. Maybe I'm dreaming...

Ever skeptical and full of questions,
William 'Skeeter' Murphy, CISSP
This archive was generated by hypermail 2b30 : Tue Mar 25 2003 - 09:52:12 PST