The focus on software development is usually getting the system
completed on time and hopefully at or under budget. Some organizations
may even add a requirement that few known bugs may ship with the
product, though the amount of testing and validation of that can vary
greatly.
The security of those systems usually comes
some position after that, especially if the organization doesn't have a
regulatory requirement for that. In fact, even those organizations may
only pay lip service to the need for secure software until they face a
breach of their own.
Much of that is driven by business
needs. The eyes of the leaders is on profit and loss (as it should be)
and the new system needs to be available to help with the profit of
raising income for the company.
This is as it should
be, since a company without income and profits will soon be out of
business, but it minimizes the impact of defects and security flaws on
the business. Some organizations are starting to understand that
defects can be costly, but only a few of those realize that security
flaws are just another kind of dangerous defect.
Realizing
this would help make educating people about the value of preventing or
quickly fixing defects or security flaws more effective since only one
message would need to go out.
Monday, January 2, 2012
Subscribe to:
Posts (Atom)