David L. Whitehurst

Top Stories by David L. Whitehurst

It is my firm belief that developers today are not focused on security during periods of head-down development. I would love to know the percentage of web developers who know about the Open Web Application Security Project, or OWASP. This non-profit organization is simply focused on the secure development of web applications. Their education and guidance are freely available to the public, yet I do not read much about security in the public development circles, blogs, etc. OWASP first published a book called the Code Review Guide in 2006. In 2006, I led a team on the development of a large web application for the administration of the Women, Infants, and Children (WIC) program for the state of Massachusetts. We were doing weekly code reviews and our focus was on best practice and quality development of the software. Quality code is secure code. OWASP had noticed in ...

Code Ownership

Software developers have the responsibility to produce their best work. Application security comes from within. We need to care about the quality of our code. I personally don't want someone's penetration testing efforts to tell the quality-tale on my source code. Each and every developer should have a sense of ownership of the code that she develops. He should also fix the mistakes, if possible, of shared source. My blog posting brings to light some fearful situations I have encountered during my career as a software developer. I've had the awesome opportunity to work with deve...