This site graciously hosted
by our friends at


29 February 2004

Looks like we can all welcome a new warrior to the battle for secure coding.

In his recent RSA conference keynote, presidential assistant and Homeland Security advisor General John Gordon (ret.) said, "It cannot be beyond our ability to learn how to write and distribute software with much higher standards of care and much reduced rate of errors and much reduced set of vulnerabilities."

We agree, of course, and especially enjoy the tone of barely contained frustration we think we can detect. General Gordon's speech, by the way, followed by one day a keynote by Microsoft's Bill Gates to the same group.

The General also pointed out, "Once we start writing and deploying secure code, every other problem in cybersecurity is fundamentally more manageable as we close off possible points of attack." (For more information about his address, please see,39020375,39147413,00.htm)

He's right; but we're concerned. His statements could lead one to believe that developing secure code is as simple as Trying Harder. That fallacy helped contribute to the mess we're in today. We're not going to make progress without a general understanding of both why good people write bad code, and when in the development cycle security bugs sneak in.

As for the reasons, some are psychological--developers and attackers often visualize a program in radically differerent way. There are technical, economic and marketing factors, too. A direct assault could yield some quick results here.

But our Big Problem, the one that is going to take a real revolution to fix, is that very few products are brought to market today that reflect security thinking from the ground up.

As a community, we need to pay much more attention to security engineering issues throughout the software development life cycle, starting with sound architectural and design principles and practices. This is not a new idea. Just ask anyone that has designed a bridge in the past few centuries! But it is only beginning to get its due from the software development community.

Changing the way that we develop code so that it comes out more secure is not going to be either quick or easy. So while we applaud the General's call for change, we hope that Homeland Security and his other targets take a deep look at the root cause of our troubles before launching a rescue mission that focuses on fixes instead of full-cycle security.

Mark G. Graff
Kenneth R. van Wyk
Authors, Secure Coding

Copyright (C) 2004, Mark G. Graff and Kenneth R. van Wyk. Permission granted to reproduce and distribute in entirety with credit to authors.

Site Contents Copyright (C) 2002-2004 Mark G. Graff and Kenneth R. van Wyk. All Rights Reserved.