Hey everyone, looks like I’ll get the fabulous opportunity of presenting at this upcoming Microsoft TechEd 2009 North America developer track. The topic that I’ll be presenting on is tentatively the top things developers can do today to make their applications more secure and trustworthy. There will be demonstrations of today’s most common attack scenarios, mitigations that can be implemented easily and effectively, and lots of interesting discussion!
So the question I have for all my readers is this: what are some of the most frustrating things that you find as a developer about security? Do current tools produce too many false positives, is the current guidance on developer security too thin or too thick – what are the top 1-3 security things that frustrate you and/or prevent you from easily integrating security into your normal developer activities? If you would rather email, send your top 3 to info@impactalabs.com. In a couple weeks, I’ll tally up the results and post them on this blog.
I have my own opinions and experiences, but I thought I would start with the community at large so that during this presentation we can really get to the heart of the problem. More information about my session to come as it becomes available. Looking forward to hearing your thoughts, and if you’re at the conference drop on in, I would love to meet you!
–Kevin


2 Comments
My biggest pet peeve is the excessive bureaucracy imposed by Software Engineering. For example, trying to impose a coding standard (variable names, method names) on a Visual Studio project which is inconsistent with the coding standard used for .NET classes. For example, mindlessly following some software process (Agile, SCRUM) even when it makes no sense.
Hey Hal, those are really good ones and ones that I hear pretty often — that the processes imposed don’t seem to add value or make sense! I’ll add that those processes have a good reason behind them (I am guilty of helping make some of those processes), but the real problem is that the value/purpose isn’t apparent to all parties! Thanks for your post and sharing your thoughts Hal!
–Kevin