Published at LXer:
We plan our features, write our elegant and efficient code, and test it to make sure it does everything the customer would want. Then, after the application ships and everyone involved pats each other on the back for a job well done, we start getting reports — sometimes within days, sometimes much later on — that there is something wrong with the application. It lets people harvest personal data, or exposes the customer to compromise, or worse yet, it is wormable and can be used to attack other devices with the app on them. It appears we have forgotten to include some simple, easily integrated security development practices.