Saturday, May 22, 2010

Security bugs as functionality bugs

Security bugs aren't bugs.

A "bug" is when the software accidentally crashes. A "security bug" is when a hacker makes your software crash. If there were no hackers, there would be no "security bugs".

This is why support organizations don't respond to security bugs: they ask "are you a customer?", the hacker says "no", and they respond "it's not a bug; only things customers report are bugs".

It's a light bulb that needs to go off in everybody's mind (CEO, program manager, customer support, QA testers, engineers): some security problems are simply "bugs" or "features".

To start with, you can think of a "security bug" just like any other bug or feature request.

But that's not the entirety of secure development. There are things you would do for security that you would never do for normal bugs/features.
