[WEB SECURITY] Great article outlining a core issue with many

Tasos Laskos tasos.laskos at gmail.com
Sun Feb 13 18:51:41 EST 2011


Makes sense for a few people to be bad apples or say something stupid 
despite their field, nationality, etc.
I've walked out of many a lecture (and even moved abroad, and sadly, 
kept walking out of lectures) because of such people.

Starting flame-wars on Twitter and blogs and the like because a few 
people are being ignorant or had a bad day or wanted to get (bad) press
doesn't seem to serve any point.

In Greece we have a saying for the people you described:
Those who are out of the dance know a lot of songs.

And it's true that we're low in the business process, when you're 
building a house you don't start by putting in the locks.
A nuclear silo is a totally different thing though...

(I'm big on metaphors, house == ordinary business, nuclear silo == a top 
secret gov network...or an actual nuclear silo I guess.)

The main problem seems to be lack of perspective though, we're always 
working in security so we tend to think that that's all that matters
in an attempt to boost our self worth I suppose.

It's not bad for one to take pride in his work but the more one needs an 
ego boost the less well-rounded he'll turn out to be,
that theory is easily verified by just turning on the TV and observing 
today's pseudo-celebrities.

On 14/02/2011 12:08 AM, robert at webappsec.org wrote:
>> I don't think that a guy saying "Developers don't know shit about
>> security" (blaming developers) should be taken seriously by security
>> specialists and developers alike.
>> That goes for most generalizations I suppose (see, I side stepped that
>> land-mine ;) ).
>
> While we agree, I tend to see on average 2-3 people per conference saying exactly this, some of them
> presenters. Of the people I've heard saying this, all worked for either a consulting company or a vendor
> and were not actually in a role in a company addressing issues.
>
> Regards,
> - Robert
> http://www.webappsec.org/
> http://www.qasec.com/
> http://www.cgisecurity.com/