Step 1: Legislation

Not sure how we've associated improved and secure coding practice with legislation?

SANS and other progressive security think tanks have created a list of 25 security mistakes. In response, a state, I think New York, is considering legislation to ensure that code produced for the state doesn't contain any of those errors.

This is genius! Why bother giving our coding houses a chance to learn about these errors and find tools to prevent them? We'll accomplish all of that with this country's favorite tool: Legislative Fiat.

What is the likely result of this? Petty, frivolous lawsuits against coding houses struggling to survive in a tough economy? Massive legal actions against others practicing contributory negligence, including (in no particular order):

  1. Operating System vendors
  2. Hardware vendors
  3. Compiler vendors
  4. Pretty much anyone remotely involved in software creation or patching or execution processes?

Maybe I'm wrong, but I think the move to legislate security compliance may just be another shot in the dark that produces few actual achievements.