Singed Your Hair On That One, WH.

JoshBW, Michael Coates, and Pinvoke deconstruct a research project by White Hat Security. From Josh, a pithy summary I agree with almost wholeheartedly:

All of that said, for any given organization the languages that are probably the most secure are the ones the developers are most comfortable writing code with. Forcing a PHP developer to write mvc.net code because you feel it is more secure is a mistake and will buy you nothing but a longer development cycle. (exception – if your coders still swear by CGI you really are better off forcing them into something invented in the past decade even if they will have a learning curve. You probably shouldn't have let them be so resistant to change to begin with).

My exception to his exception: someone who can program secure C code for a CGI-based web site is probably a valuable developer.  The problem is, (s)he is going to be dang hard to replace.  The value in forcing your development crew to stay current with technology – at least, not five “cool frameworks” in the past – is that eventually you’re going to have to hand that code over to somebody else.

And the likelihood that their replacement can write secure C code is very low.  It’s really easy to shoot yourself in the foot with C.
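To make the "shoot yourself in the foot" point concrete, here is an added example (mine, not code from the original post or from any of the linked writeups): the kind of routine a C CGI program needs over and over, copying one client-supplied query-string parameter into a fixed-size buffer. The function name `cgi_get_param` and the constructed QUERY_STRING values are assumptions for illustration. The careless form of this is a one-line `strcpy` into a local array; the careful form below has to track the key length, the value length, the buffer capacity and the terminating NUL by hand, and still report a value that does not fit rather than silently truncating or overrunning. Every one of those is a place where a replacement maintainer can get it wrong.

```c
/* Added example, not from the original post: bounded extraction of one
 * CGI query-string parameter in C. Function name and sample inputs are
 * constructed for illustration. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy the value of `key` from a QUERY_STRING-style "a=1&b=2" string into
 * `out` (capacity `out_size`, including the terminating NUL).
 * Returns the value length on success, -1 if the key is absent, -2 if the
 * value does not fit (out is left as an empty string in that case).
 *
 * The classic foot-gun this replaces is `strcpy(out, value)`: a value longer
 * than `out` walks straight past the end of the buffer. Here the length is
 * checked before a single byte is copied, and the caller gets a distinct
 * error code for "too long" so it can reject the request instead of
 * continuing with truncated data. */
int cgi_get_param(const char *query, const char *key, char *out, size_t out_size)
{
    size_t klen = strlen(key);
    const char *p = query;

    if (out_size == 0) return -2;
    out[0] = '\0';                      /* always leave a valid string behind */

    while (*p) {
        /* Each parameter runs up to the next '&' or to end of string. */
        const char *end = strchr(p, '&');
        size_t plen = end ? (size_t)(end - p) : strlen(p);

        /* Match "key=" exactly; plen > klen guarantees p[klen] is in bounds. */
        if (plen > klen && p[klen] == '=' && memcmp(p, key, klen) == 0) {
            const char *val = p + klen + 1;
            size_t vlen = plen - klen - 1;

            if (vlen >= out_size) return -2;   /* no room for value + NUL */
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return (int)vlen;
        }
        if (!end) break;
        p = end + 1;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample inputs standing in for getenv("QUERY_STRING"). */
    const char *qs = "user=alice&id=42";
    char buf[8];

    printf("user -> %d (%s)\n", cgi_get_param(qs, "user", buf, sizeof buf), buf);
    printf("id   -> %d (%s)\n", cgi_get_param(qs, "id", buf, sizeof buf), buf);
    printf("name -> %d\n", cgi_get_param(qs, "name", buf, sizeof buf));
    /* A value too long for the 8-byte buffer is refused, not overflowed. */
    printf("long -> %d\n", cgi_get_param("user=alicealicealice", "user", buf, sizeof buf));
    return 0;
}
```

Note that even this small function has three distinct length quantities and two sentinel return values to keep straight; a higher-level framework does all of that for you, which is the real content of the argument above about staying current.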

Posted May 26, 2010 by padraic2112 in security, tech
