DevCentral > Weblogs > Persistently Different - Not right, just different.
 Programmers knowing security... Imagine that!
posted on Wednesday, November 21, 2007 2:09 PM

Short blog today, trying to tie stuff up before leaving town...

But this is good news as far as I'm concerned: SANS is offering a standardized programmer security test. About time.

Good stuff. You'd be amazed how little the average programmer knows about actual security. While I'm a fan of moving security into the network where possible, programs need to be locked down - at least for the foreseeable future.

By way of disclosure, Lori and I are talking with SANS about teaching for them, so I'm attached vaguely... But that doesn't impact my thoughts on the topic; I've been in favor of programmers having to know security forever.

Get your programmers signed up. Make certain they have a clue. Get them training if they don't.

It's not wasted money. One hack that makes it into your systems, and you'll lose far more than this investment. Think of it as risk mitigation.

Don.

 

Reading: Oracle JDeveloper 10g Handbook

Imbibing: water


