Please create an account to participate in the Slashdot moderation system


Forgot your password?
Slashdot Deals: Prep for the CompTIA A+ certification exam. Save 95% on the CompTIA IT Certification Bundle ×

Comment Re:Yeah, right. (Score 1) 534

You are right. No one is talking about absolute 100% security here. The top 25 is the most egregious and easily remedied defects. These are the easy ones folks. Ones we know alot about and know how to prevent.

We need software to be free of them because organizations are under attack through application vulnerabilities. Has anyone heard of Google/Aurora or Heartland Payment Systems? Both organizations were breached through software defects.

When the environment changes software needs to change. You wouldn't take a regular car off road into a military usage and expect it to perform well. We are expecting the software process to not change (too expensive, too hard, 100% security is impossible) yet perform well under constant scrutiny and attack.

We need to change how we build software and having customers set security requirements is the best way to do it.


"The identical is equal to itself, since it is different." -- Franco Spisani