This post originated from an RSS feed registered with Agile Buzz
by James Robertson.
Original Post: People don't want secure code
Feed Title: Cincom Smalltalk Blog - Smalltalk with Rants
Feed URL: http://www.cincomsmalltalk.com/rssBlog/rssBlogView.xml
Feed Description: James Robertson comments on Cincom Smalltalk, the Smalltalk development community, and IT trends and issues in general.
But why should we expect it to be? Face it: The bad coders are winning. They've convinced users and companies that bugs, security holes and patches are inevitable, and everyone just shrugs their shoulders and accepts that - no matter how bad things get.
But it doesn't have to be this way. All of us have seen even large, complex applications with source code that's clean, free from bugs and secure. All it takes to write good code is the desire to do so, but there really isn't any incentive for software companies to write clean, secure code.
It's not simply a matter of desire; it's a matter of incentives. Part of it is what he says in the next paragraph - end users of software want new features and functions more than they want anything else. I don't think that's all of it though. A large part of it is price. Look at what's driving the industry today - open source and outsourcing, both of which (from an IT management perspective) are about cost control. Secure code? Way, way down the priority chain. If we can get systems done for $15 an hour, have at it!
You won't start seeing secure code until end users are willing to pay for it. At present, it's pretty clear to me that most aren't willing to.