|
|
|
|
|
|
by marta_morena_28
2045 days ago
|
|
|
You don't need to know much about security to write safe programs. Most of the work is done by others. You need to know how to avoid common pitfalls (i.e. yeah, if your service uses 3rd party code to parse customer provided data and your colleague suggests using this awesome C++ library for it, maybe some alarm bells should go off). Advanced security knowledge is not needed for developing software. What you need is a security team that reviews the work your developers produce. That's it. > bad algo can almost always be rewritten, leak cannot be reverted. And while a bad algo can be rewritten, bad software often can not. Bad programmers are a disaster for scalable software projects. A leak can not be reverted, but so can't the product you didn't ship because you hired the wrong people. Or the company who goes bankrupt because you weren't able to ship a product. Building software with security engineers instead of software engineers is like trying to win a Formula One race with Fighter Jet pilots. |
|
|
You need to know how to avoid common pitfalls (i.e., yeah, maybe nested for-loops with millions of elements per level of iteration, maybe some alarm bells should go off)
Advanced algorithm knowledge is not needed for developing typical business software.
Bad security is a disaster for any public-facing software projects. A product you didn't ship because you hired the wrong people can't be reverted, but neither can a data leak.
Or the company who goes bankrupt because you leaked highly sensitive data.
Etc. etc. ad nauseum.