Software security clue distribution

摘要

Software security has blossomed nicely in the last few years with the appearance of new textbooks, new courses, and a government mandate, yet there are many people still to be educated. Savvy security people from the operations side tend to decry the cluelessness of software developers, putting the blame for our current software problems squarely on the shoulders of the "builders." However, builders cannot rightly be blamed for their lack of security knowledge, because security is only rarely a part of any standard curriculum. Getting the security message to developers, architects and other builders is an essential aspect of addressing the software security problem. Awareness training for software professionals is one way to do this. Integrating security thinking into the academic curriculum is another.