We've heard the calls before for better security in the lifecycle, but it seems it's really starting to turn the corner during the first half of this year.
The SANS Institute is leading an initiative to get students better prepared
by offering post-college exams designed to test the skills of those responsible for building software, particularly web applications. Microsoft, meanwhile, launched a blog to openly discuss and debate the Security Development Lifecycle (SDL) work being done at Redmond. Even mighty Google has started a security blog, just as the Month of Search Engine Bugs is about to kick off.
But there's no better indicator than the vendor marketplace.
In a recent chat near the SC offices with Brian Cohen, president and CEO of SPI Dynamics
, and Tracy Simmons, vp of marketing, the pair told me that, in so many words, that business is great.
But what they were most impressed by is the number of requests they are getting from software developers themselves.
Come again? The developers are calling you directly? The people who allegedly don't care about secure code, about all that vulnerability nonsense? The ones who just want to get their apps out as quickly as possible?
This is, no doubt, good news. Certainly compliance regulations such as PCI have helped. But maybe there's something bigger. Perhaps there's a changing philosophy throughout the business community that while web applications will make your company more efficient, they also better be secured.