Tuesday, January 20, 2009

Builders and Breakers?

In recent infosec news there is some buzz around the term "Builders and Breakers". Builders are the developers who build applications. Breakers are the hackers who break them.

In today's industry, the focus of information security in almost all organizations is on "breaking". Information security professionals are usually asked to hack applications after they are built rather than to participate in designing and developing them securely. The question remains: why not build securely in the first place?

The best way is to BUILD securely. Strong applications are those that integrate security into each phase of the SDLC, from requirements and design through implementation and testing, with the focus on BUILDING secure applications rather than only breaking them afterwards.

2 comments:

  1. Jason, you are making an excellent point.

    Do you have any suggestions for a project manager who is required by the customer to meet a short deadline with a small budget? How can security be added to the application requirements under these constraints?

    A big part of the issue, in my opinion, is the lack of understanding by the business and application owners. It is simply not that important to them, until their application gets hacked, but then it is too late.
  2. Andres, thanks for the feedback.

    Yes, I do have a few ideas for upcoming posts, mainly pertaining to security design reviews and the early stages of planning. Stay tuned!