Security practioners all too often complain about what isn't (and probably will never be.) We should instead be looking at the situation for oppportunities to improve security. If programmers aren't going to change, what is the next option for covering their mistakes and keeping things more secure? A true security practitioner understands the environment and has the technical, operational and management experience to identify effective controls and the people skills to effecively communicate them. Is is easy to complain about how bad things are; difficult to look for the opportunities to improve things.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/159/19889#19889