Comment Re:Basic programming principles what? (Score 1) 127
That's exactly the problem. If you think to add features first and security later, you have already made a fundamental mistake. Writing secure code is not a matter of adding extra checking later. It means writing good, proper code right from the start. One of the most obvious consequences of that is not to use functions like sprintf at all, but to use substitutes that allow and in fact demand proper length checking.
My $0.05: Of course managers never see a business case for adding security checking later. There is no obvious way it will make the company more money, so something "more important" will take precedence. But on the other hand, not writing secure code right from the start also means the programmer is not making a habit of writing good code. It shows a serious problem with their attitude toward their own work. That is not to say that there won't still be mistakes made, but a lot of them can be prevented right from the start.
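The sprintf point above, as an added worked example (written for this page, not code from the commenter): the unchecked sprintf habit next to a vsnprintf-based substitute that reports truncation instead of overflowing, plus a macro that derives the buffer size itself so the caller cannot forget it. The function names, the buffer size and the sample usernames are all constructed for the demonstration.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs for the demonstration (not from the original comment). */
static const char SHORT_USER[] = "alice";
static const char LONG_USER[]  = "a-username-that-is-far-longer-than-the-greeting-buffer";

enum { GREETING_SZ = 32 };   /* hypothetical fixed-size output buffer */

/* The habit the comment warns against: sprintf has no idea how big buf is.
 * With LONG_USER this would write past the end of a GREETING_SZ buffer.
 * Kept only for contrast; nothing below calls it with an oversized argument. */
void greet_unsafe(char *buf, const char *user)
{
    sprintf(buf, "Hello, %s!", user);
}

/* Length-checked substitute. vsnprintf never writes more than bufsz bytes and
 * always NUL-terminates (when bufsz > 0); it returns the length the complete
 * string would have had, so truncation is detectable instead of silent.
 * Returns true if the whole string fit, false on truncation or encoding error. */
#if defined(__GNUC__)
__attribute__((format(printf, 3, 4)))
#endif
bool format_checked(char *buf, size_t bufsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int needed = vsnprintf(buf, bufsz, fmt, ap);
    va_end(ap);
    if (needed < 0) {                 /* encoding error: leave a sane empty string */
        if (bufsz > 0) buf[0] = '\0';
        return false;
    }
    return (size_t)needed < bufsz;    /* needed == bufsz means the NUL did not fit */
}

/* "Demand" the check: the macro takes the size from the array itself, so a
 * caller cannot omit it or pass the wrong number. Only valid for real arrays,
 * never for pointers (sizeof a pointer is not the buffer size). */
#define FORMAT_INTO(arr, ...) format_checked((arr), sizeof(arr), __VA_ARGS__)

/* Greeting builder that refuses to hand back a half-written string: on
 * truncation the buffer is emptied and the caller gets an explicit failure. */
bool greet_safe(char *buf, size_t bufsz, const char *user)
{
    if (!format_checked(buf, bufsz, "Hello, %s!", user)) {
        if (bufsz > 0) buf[0] = '\0';
        return false;
    }
    return true;
}

/* Self-check: returns the number of expectations that held (4 when all pass). */
int run_demo(void)
{
    char buf[GREETING_SZ];
    int ok = 0;
    ok += greet_safe(buf, sizeof buf, SHORT_USER) && strcmp(buf, "Hello, alice!") == 0;
    ok += !greet_safe(buf, sizeof buf, LONG_USER) && buf[0] == '\0';
    ok += FORMAT_INTO(buf, "%d items", 3) && strcmp(buf, "3 items") == 0;
    char tiny[8];
    ok += !format_checked(tiny, sizeof tiny, "%s", "12345678") && strcmp(tiny, "1234567") == 0;
    return ok;
}

int main(void)
{
    char buf[GREETING_SZ];
    greet_unsafe(buf, SHORT_USER);   /* happens to fit, which is exactly why the habit survives */
    printf("unsafe (short input): %s\n", buf);
    printf("safe   (short input): %s -> \"%s\"\n",
           greet_safe(buf, sizeof buf, SHORT_USER) ? "ok" : "rejected", buf);
    printf("safe   (long input):  %s -> \"%s\"\n",
           greet_safe(buf, sizeof buf, LONG_USER) ? "ok" : "rejected", buf);
    printf("self-check: %d/4 passed\n", run_demo());
    return 0;
}
```

The design choice worth noticing is that format_checked treats `needed == bufsz` as failure too: snprintf's return value counts characters excluding the terminator, so a result equal to the buffer size means the NUL was dropped and the output was silently cut. Checking `< bufsz` rather than `<= bufsz` is the off-by-one that "adding checks later" tends to get wrong.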