There are no shortage of books about cyberattacks and hackers. Some of these fictional stories even postulate that countries will build armies and engage in digital war with other countries. Some of this has come true, with the US and Israel attacking Iranian targets, suspected Chinese hackers targeting the US, and the announcement that Britain is building their own cyber army.
While there are certainly no shortage of attacks made on corporations every day, how long before countries make determined efforts to disrupt their enemies’ economies with digital war? It’s a scary thought, and given the poor security habits of so many developers, it’s possible that many companies might find themselves struggling to conduct businesses while under attack. It might not be any different than if conventional weapons were being used near our facilities.
The state of coding by so many “developers” today is somewhat scary. It’s not even old applications that are vulnerable to SQL Injection, but even new systems that have poor security practices being used that are vulnerable.
I think that secure coding practices like these should be implemented by anyone writing software. I think examples, frameworks, and presentations about coding shouldn’t use simple passwords and bypass checks. Yes, it’s a pain for those that teach, but it also means that shoddy coding practices aren’t proliferated as people borrow your code and alter your examples.
Security is a problem, but I think a lot of the issues would be minimized if we, as an industry and professionals, learned to write more secure code as a matter of habit, not as an additional feature to be added later.
Steve Jones
Video and Audio versionsToday’s podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
|
Voice of the DBA 