SANS: Software Engineering is an Oxymoron

John Pescatore, director of the SANS Institute, a research and education organization, has seen security threats come and go across his 30-year career in the IT security market, which includes time spent as a Gartner analyst. The simple reality of cyber-security in 2013 is that software continues to have lots of vulnerabilities, and people continue to have lots of vulnerabilities, Pescatore told eWEEK.

“Each year, we try and change some behavior on the user side, and each year attacks are becoming much more targeted and clever,” Pescatore said.

Another sad truth about the state of IT security in 2013 is that many of the same classes of flaws that existed in 2003 are still popular and are regularly exploited. The root cause of that might well have to do with flaws in how software is developed.

“Software engineering is an oxymoron,” Pescatore said. “Software development is not an engineering discipline.”

Read the full story at eWeek:
Cyber-Security in 2013: Software, People Still Have Vulnerabilities

Sean Michael Kerner is a senior editor at Follow him on Twitter @TechJournalist.
