Difference between revisions of "Education and cultural change"

From OWASP
Jump to: navigation, search
m
m (Reverted edits by RooucOzelb (Talk) to last version by Rahimjina)
 
(2 intermediate revisions by one user not shown)

Latest revision as of 14:25, 26 May 2009

Educating developers to write secure code is the paramount goal of a secure code review. Taking code review from this standpoint is the only way to promote and improve code quality. Part of the education process is to empower developers with the knowledge in order to write better code.
This can be done by providing developers with a controlled set of rules which the developer can compare their code to. Automated tools provide this functionality and also help reducing the overhead from a time perspective. A developer can check his/her code using a tool without much initial knowledge of the security concerns pertaining to their task at hand. Also running a tool to assess the code if a fairly painless task once the developer becomes familiar with the tool(s).