Don Parker: Bad-Code Blues

The current state of secure software development by corporations both large and small is a mess. “ While many companies make a passing attempt at improving their software products all too often other pressures win out. Software companies that will delay a products launch for the sake of a code audit, third-party threat testing, or an extended quality-assurance (QA) cycle are few and far between. ” We are still cursed with half-baked software, and as a result, a never ending stream of vulnerabilities. Secure coding practices and active quality assurance (QA) efforts are now more mainstream, but that still hasn’t made much of a dent. Today’s Internet experience is marred by the ever present threat of the malicious hacker, and what gives these malicious hackers the ability to compromise a computer is quite simply poorly written... [read full story]