Home > Blogs > Step 1: Legislation

Not sure how we've associated improved and secure coding practice with legislation?

SANS and other progressive security thinktanks have created a list of 25 security mistakes.  In response, a state, I think New York, is considering legislation to ensure that code produced for the state doesn't have one of the errors.

This is genius!  Who needs giving our coding houses a chance to learn the information and find tools to prevent the errors?  We'll accomplish all of that with this country's favorite tool:  Legislative Fiat.

What is the likely result of this?  Petty, frivolous lawsuits against coding houses, struggling to survive in a tough economy?  Massive legal actions against others practicing contributory negligence, including (in no set order):

  1. Operating System vendors
  2. Hardware vendors
  3. Compiler vendors
  4. Pretty much anyone remotely involved in software creation or patching or execution processes?

Maybe I'm wrong, but I think the move to legislate security compliance may just be another shot in the dark that produces few actual achievements.

jt

Comments

comments powered by Disqus

Become an InformIT Member

Take advantage of special member promotions, everyday discounts, quick access to saved content, and more! Join Today.