Developers Need Secure Development Training

Why do developers need secure development training as well as their regular training?

There is an old joke about 50% of doctors graduating in the bottom half of their class. It’s kind of a sobering thought but it’s true of all fields. The software development field has an additional burden in the fact that many developers come to the profession from other disciplines and never formally studied software development at all. They started programming for one reason or another and decided they liked doing so they stayed. Read some books, take a few classes and start writing code.

They can do this in part because development is still more of a creative process than a rigorous engineering process. Many developers consider themselves artists. Developers are mostly focused on creating something that works. They take known processes and procedures and put them together in new and creative ways to accomplish their tasks. We are adding more engineering type rigor to the process but we a long way from other engineer fields. Continue reading “Developers Need Secure Development Training”