by theworld572
2512 days ago
I've been on both sides of this game - worked as a developer and also worked as a penetration tester. I've seen pen testers laugh at the stupid vulns that developers introduce, and I've laughed at a few myself. But I've also seen the deadlines as a developer, bugs that are bringing the whole system down and costing the company lots of money, legacy code that is extremely hard to understand and makes it difficult to even get your feature working. Those on the security side often only think "it's really not that difficult to make it secure, just follow these guidelines and you'll be fine", but they don't realise the myriad of other issues that the developers are dealing with.

EDIT: Security needs to be encouraged from the top down. If management is on board with following secure practices, then they also need to understand that this means things might take a little longer to complete.