While reading on the web recently, I actually saw a comment from a developer who expressed (rather strongly, as I recall) his thoughts regarding software development ease. His basic premise was that software development has become so easy, given the tool-sets available to developers these days, that there are too many developers who are developing software that shouldn’t be, because while they may understand how to use a tool to get something working, they do not have the background knowledge to really “understand” what they are creating, therefore creating a “danger” – be it a security danger or data integrity danger.
WOW! What a perspective! I believe it was originally posted somewhere in response to the release of the SANS Top 25 Programming Errors. (See my January blog post “Software Development, Security and Programming Errors”.) At the time I simply dismissed the comment as being way out in left field – but the comment has haunted me since reading it.
I suspect that the comment has haunted me as it has because I am keenly aware that certainly there is the potential of an element of truth to the perspective. However, I’m not so sure that “easy” software development tools add to the problem; I would expect well-designed tools (easy or otherwise) to be producing well-designed and secure software.