Rewrite the Coding Rules

By Steve Jones

Security is a problem in technology. Whether it's technological misconfiguration, social engineering, or brute force attacks, we see a constant stream of headlines about security issues. The situation is not likely to change anytime soon as security isn't seen as a priority by many companies. If that's the case, then is there anything that can be done to improve security?

Security expert Dan Kaminsky says that we need a fundamental change in the way we write code. By rewriting the way that code is developed, rewriting the rules, we can reduce the vulnerabilities in our applications. One theory is that our languages and the coding techniques used are making it entirely too easy for vulnerabilities to creep into code.

It's an interesting theory, especially these days when it seems so many of our applications are under attack. I suspect that we have lots of poor habits ingrained in many developers. People are loath to change and they like to continue working in ways that have worked for them. However, the world of security in software changes constantly. What might have made you a very effective and productive developer five years ago might make you a liability today.

I believe that we need to somehow build new coding methods, but even more importantly I think people who provide sample code and frameworks need to do so in a way that showcases best practices and good habits from a security perspective. That includes presenters, who should never show security issues, even if it's for the sake of simplicity. Raise the bar and your audience will come along with you.

Steve Jones 


The Voice of the DBA Podcasts

We publish three versions of the podcast each day for you to enjoy.

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
