Rewrite the Coding Rules

By Steve Jones

Security is a problem in technology. Whether it's technological misconfiguration, social engineering, or brute force attacks, we see a constant stream of headlines about security issues. The situation is not likely to change anytime soon as security isn't seen as a priority by many companies. If that's the case, then is there anything that can be done to improve security?

Security expert Dan Kaminsky says that we need a fundamental change in the way we write code. By rewriting the way that code is developed, rewriting the rules, we can reduce the vulnerabilities in our applications. One theory is that our languages and the coding techniques used are making it entirely too easy for vulnerabilities to creep into code.

It's an interesting theory, especially these days when it seems so many of our applications are under attack. I suspect that we have lots of poor habits ingrained in many developers. People are loath to change and they like to continue working in ways that have worked for them. However, the world of security in software changes constantly. What might have made you a very effective and productive developer five years ago might make you a liability today.

I believe that we need to somehow build new coding methods, but even more importantly I think people who provide sample code and frameworks need to do so in a way that showcases best practices and good habits from a security perspective. That includes presenters, who should never show security issues, even if it's for the sake of simplicity. Raise the bar and your audience will come along with you.

Steve Jones 
