Article: The business case for security frameworks

I’ve written a new article for The Web Application Security Consortium’s Guest Article Project. From the paper:

"One of the reasons why vulnerabilities are still commonplace is because new generations of developers are
making the same mistakes. I don’t put the majority of the blame on them because they may not know any better.
Many of the people that I know who’ve attended college don’t have training for programming securely and the
few that do only have these classes available in grad school (and this isn’t the norm). Even then these
courses are only covering buffer overflows and don’t get to cover some of the popular vulnerability types
such as SQL injection or XSS. For starters the majority of programmers don’t have master’s degrees or access
to secure development training, and need direction on security practices which can take months, even years to
develop on their own. The problem is that until they have these security skill sets they may be writing
vulnerable code."