Gary Varga (11/11/2013)
Steve, sorry but I disagree. Yes, examples should be complete including best security practices where appropriate, however, it does have an impact on effort. Security needs planning, design and testing. Also it may need infrastructure as well as investment in hardware and/or software. Then there is maintenance, management and training. And after all that I still believe it is a sound investment.
Yes, but password management, authentication, secure coding for sql calls, all of these techniques and skills exist. If we all used them from the beginning, as part of our habit, the effort in planning and engagement would be much, much lower.
I'm not saying all security decisions can be removed, but lots can.