I found this interesting bit about holding developers personally responsible for the code that they produce. Not only do I think it’s unfair to the developer, I think it would be highly inefficient. You think it takes a long time to develop an app now? Wait until the developer learns that should his software have security flaws, his next cubicle will be a 9’ x 9’ cement cell. Not cool…
“In software development, we need to have personal quality assurances from developers that the code they write is secure,” said Schmidt, who cited the example of some developers he recently met who had created a Web application to talk to a back-end database using SSL.
I do agree with the fact that developers do need more training in the security arena. Personally, I graduated with a design degree (completely non-IT) so I can’t say how much of CSU Chico’s (http://www.csuchico.edu) CS degree focuses on security.
Schmidt also referred to a recent survey from Microsoft that found that 64 percent of software developers were not confident they could write secure applications. For him, better training is the way forward.
“Most university courses traditionally focused on usability, scalability and manageability - not security. Now a lot of universities are focusing on information assurance and security, but traditionally Web application development has been measured in mouse clicks - how to make users click through,” Schmidt said.
In the end, it should be on the companies’ shoulders whether their applications are secure or not. Companies should be held accountable for hiring and training employees. Since most companies force you to sign NDAs, it would be a slap in the face…
“All the code you write is ours… except in the case of security flaws. Then we’ll be blaming you and detach ourselves of any and all responsibility.”
What do you suppose the turnover rate for developers would be over at Microsoft?

Hey…I agree with what you are saying…
This is off topic but…hey you can’t possibly get that angry…
What do you think of Gentoo since you’ve been running it for a bit now (I think)? You said you are dual booting with XP…curious how you are doing this…are you using LILO or what?
I am going to try installing a couple OS’s on my Thinkpad – there are so many ways to go about controlling this…just wonder what you are doing and what your impressions are?
On another note…We got a new dog…check our blog for photos…He is the black pug and his name is Mao.
Hope all is well with you Randy -
Nathan
There are a bunch of ways to go about to dual (or triple, quadruple, etc) boot. I recommend installing Windows first (if you plan on installing) as it likes to overwrite the MBR on the drive so that if you had something like LILO or GRUB installed, it would hose that.
I use GRUB currently. I’ve never really tried LILO so I can’t really comment on the differences. GRUB is pretty easy to use/configure though. I think most distros give the option of both these days… Gentoo recommends (read: uses GRUB as a default in the installation docs) GRUB so that’s what I stuck with.
Lately, I’ve been looking at ArchLinux and am thinking of trying it out. Gentoo is a great distro, but it really does take a long time to build a complete system. Not to mention every time there’s an update to some package, you have to re-compile it. Arch is mainly a binary distro with the flexibility to compile if you so choose… dunno yet.
I’ll have to check out the pugs… I like pugs, they have great spirit! Although, they are hard to house train I’ve heard.
Hmm…never used GRUB myself – always been a fan of LILO…I guess I’ll have to take a look at it…ArchLinux is a cool distro – I’ve heard a lot of good things about it…a lot of guys that run Vector are also keen on using Arch. Another distro that I’ll have to try. These days I’ve been playing around with Wolf Linux (or something like that)…it’s a single floppy OS…command line only…I’ve been surfing with in fullscreen text with Links. Hard to imagine what’s possible with a single floppy. It could definitely be customized…throw in a command line mp3 player and you’ve almost got a full featured pc (minus all the eye candy). Tried (unsuccessfully) to install several OS’s on an old sub notebook (486/4mb). The 4mb’s of ram is quite a barrier.
I’ve been a bit intimidated with Gentoo. I always think about trying it and then I start reading about the installation – and compiling…and I always talk myself out of it.
Our pugs have been fun. We thought we had our first (Faye) potty trained – and then Mao came. Maybe she’s just upset she’s got competition now. Pugs are funny dogs that demand a lot of attention.
Ayako just put a bunch of new pics of the dogs…they crack me up.
Gentoo is pretty tame. It just takes lots of attention and time.
I started Arch this morning (kind of by accident) and have it running (for the most part). I still need to configure/install some drivers for my video to work properly, but it was really quite painless. Gotta love binary distros. To get to the same stage I’m at now would have taken at least a whole day with Gentoo… the Arch way only took about an hour (once I got the hang of it).
I saw the pics of the pugs and the pumpkin…funny. If you guys have a free weekend, you should stop by with the little ones. We bought a house in Santa Ana and have a fairly big back yard for them to run free.