"Accountability is a dirty word, but security isn't."
This week I attend an almost 3-hour-long secure development seminar, with no cigarette or toilet break, at 9:30am, the most productive time of the day. The presenter is from one of the big four accounting firms. This is NOT a joke: an accountant tells developers how to do IT security.
To be honest, I have this counterphobia syndrome, a phobia of people wearing a security hat in a fearful situation. I still believe they are people who live by breaking into innocent people's and the government's safes, troublemakers at a young age until they grow up and finally realise their life could end in jail if they keep doing so. And one day they all become security experts.
It starts with every attendee giving a brief self-introduction and answering a question: "What are your favourite computer languages?"
Actually, thinking twice, it's a tricky question, especially in a meeting like this, especially when news broke a few days ago of two security holes in Java 7 and an SQL injection flaw in Ruby on Rails. If you follow what some security experts suggested, what you should do is shut down all websites running Java and Ruby.
I skip a straight answer but diplomatically reply that it all depends on the project. The presenter persists with the same question: "What are your favourite computer languages?" I can see he is very disappointed after I give him the SAME answer.
Unfortunately, the other developers in the meeting room, mainly programming in Java, maybe don't know there may be a booby trap attached, or are just too naive and innocent, and tell the presenter they like programming in Java, Ruby, Groovy …
No surprise, after the introduction, the scare campaign comes in.
The presenter acknowledges to everyone the security alerts in Java, then tells the people in the whole room that Java is becoming the next COBOL language, and all Java developers are going to go extinct like dinosaurs. He doesn't say you are a stupid, although huge, Tyrannosaurus Rex, but I know he means it!