Is There Tension Between Developers and Security Professionals

Published by Slashdot on Sun, 21 Jul 2019


"Everyone knows security needs to be baked into the development lifecycle, but that doesn't mean it is," writes ZDNet, reporting on a new survey they say showed that "long-standing friction between security and development teams remain." The results came from GitLab's "2019 Global Developer Report: DevSecOps" survey of over 4,000 software professionals.

Nearly half of security pros surveyed, 49%, said they struggle to get developers to make remediation of vulnerabilities a priority. Worse still, 68% of security professionals feel fewer than half of developers can spot security vulnerabilities later in the life cycle. Roughly half of security professionals said they most often found bugs after code is merged in a test environment.

At the same time, nearly 70% of developers said that while they are expected to write secure code, they get little guidance or help. One disgruntled programmer said, "It's a mess, no standardization, most of my work has never had a security scan."

Another problem is it seems many companies don't take security seriously enough. Nearly 44% of those surveyed reported that they're not judged on their security vulnerabilities.

ZDNet also cites Linus Torvalds' remarks on the Linux kernel mailing list in 2017, complaining about how security people celebrate when code is hardened against an invalid access. "[F]rom a developer standpoint, things really are not done. Not even close. From a developer standpoint, the bad access was just a symptom, and it needs to be reported, and debugged, and fixed, so that the bug actually gets corrected. So from a developer standpoint, the end point of hardening is just the starting point, and when you think you're done, we're really only getting started."

Torvalds then pointed out that the user community also has a third set of entirely different expectations, adding that "the number one rule of kernel development is that 'we don't break users'. Because without users, your program is pointless, and all the development work you've done over decades is pointless... and security is pointless too, in the end."

Juggling the interest of users and developers, Torvalds suggests security people should adopt "do no harm" as their mantra, and "when adding hardening features, the first step should *ALWAYS* be 'just report it'. Not killing things, not even stopping the access. Report it. Nothing else."