There have been several efforts recently (including Obama’s learn-to-code initiative) to get non-programmers to learn to code. Wait ... what? This is nonsense, and a bit like saying everybody should learn to become a chef because we all need to eat!
But considering how many developers don’t know even the most basic concepts of security, one wonders: does the industry need a campaign to get engineers to care more about InfoSec+Privacy?
Again, maybe not everyone needs to know about the internals of cryptography, pen-testing or how PKI is deployed. But wouldn't knowing how common exploits like buffer overflows, privilege escalation, SQL injection or XSS work be a good start?
In itself this would not lead to more secure software. But knowing how to statically and dynamically check your project for vulnerabilities would increase awareness of which patterns or functions are unsafe and why.
Secondly, it gives you a better overall understanding of the intrinsics of the language and ultimately makes you a better programmer! And this in turn would lead to more solid+secure software.
This post was written by Joachim Bauernberger.