Comments on TaoSecurity Blog: Lessons from Analog Security
Richard Bejtlich (http://www.blogger.com/profile/13512184196416665417)
Updated 2023-10-16T06:06:25.012-04:00

Anonymous, 2007-12-21T07:33:00.000-05:00
This comment has been removed by a blog administrator.

John Ward (https://www.blogger.com/profile/10741149622435353727), 2006-12-29T15:59:00.000-05:00
Issues like this can typically be addressed during the design phase. While software development lifecycles are typically things held in the classroom and not on the floor, this is something that should be discussed during the design phase. Problem is, the design phase never includes an open discussion with security engineers. This is where that gap would be addressed. When designing things like sequence diagrams, a development team, including security engineers, would address and notate that secure methods are required at points A, C, and F.

It would be nice if that gap could be addressed. Of course, the bigger problem is that software developers usually skip the design phase and go at it with the "Shoot first, shoot again, and try asking a question or two when finished shooting". Computer scientists need to address the gaps in their own community before trying to bridge any gaps with others...