Why don’t developers have a ‘spellchecker’ for security?

Despite all the news coverage about successful cyberattacks, developers are still writing code full of security vulnerabilities.

Of course, nobody is perfect. We all make mistakes, and as software projects get more and more complex, it can be easy to miss potential problems.

But that doesn’t explain why so much software is full of the most basic errors.

According to a report released this month by Veracode, 61 percent of all internally-developed applications failed a basic test of compliance with the OWASP Top 10 list on their first pass. And commercially developed software did even worse, with a 75 percent failure rate.

These are basic, well-known problems, like SQL injections and cross-site scripting.
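To make the "spellchecker" idea concrete, here is an added example (not part of the article, and not Veracode's or OWASP's tooling) of the simplest possible security lint rule: it parses Python source with the standard `ast` module and flags database `execute()` calls whose SQL text is built at runtime by concatenation, `%` formatting, `.format()` or an f-string, which is the textbook SQL-injection pattern. The two source snippets it scans are constructed samples: one vulnerable, one using a parameterized query. The function names `find_sql_injection_candidates` and `_is_dynamic_string` are my own.

```python
"""Minimal 'security spellchecker' for one OWASP Top 10 issue: SQL injection.

Added example, not from the article. It is a static check, so it never runs
the scanned code; it only inspects the syntax tree for execute() calls whose
first argument is a string assembled from other values at runtime.
"""
import ast

# Constructed sample: the vulnerable form, query text built from user input.
VULNERABLE_SRC = '''
def find_user(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = '%s'" % name)
    cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")
    cursor.execute(f"SELECT * FROM users WHERE name = '{name}'")
'''

# Constructed sample: the hardened form, a parameterized query.
SAFE_SRC = '''
def find_user(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = ?", (name,))
'''

# Method names used by DB-API cursors to run SQL (assumed list for this example).
DB_EXEC_NAMES = {"execute", "executemany", "executescript"}


def _is_dynamic_string(node):
    """True if the expression builds a string at runtime from other values."""
    if isinstance(node, ast.JoinedStr):                      # f"..." with {x}
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        # "..." + x  or  "..." % x ; purely literal pieces on both sides are fine
        return any(not isinstance(side, ast.Constant) for side in (node.left, node.right))
    if isinstance(node, ast.Call):                           # "...".format(x)
        func = node.func
        return isinstance(func, ast.Attribute) and func.attr == "format"
    return False


def find_sql_injection_candidates(source):
    """Return a list of (line_number, message) for each suspicious execute() call."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Handle both cursor.execute(...) and a bare execute(...) name.
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name in DB_EXEC_NAMES and node.args and _is_dynamic_string(node.args[0]):
            findings.append((
                node.lineno,
                f"{name}() called with a dynamically built SQL string; "
                "pass values as query parameters instead",
            ))
    return findings


if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE_SRC), ("safe", SAFE_SRC)):
        print(label, find_sql_injection_candidates(src))
```

Running it reports three findings on the vulnerable sample (lines 3, 4 and 5 of that snippet) and none on the parameterized version. The point of the rule is how little it takes to catch the "basic, well-known" mistake the article complains about: the check is purely syntactic, so it also shows the limits of this approach, since a query string assembled in a variable on an earlier line would need data-flow tracking that this toy rule does not attempt.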



Story added 31 October 2016; the full text is available from the original content source.