"
From the Office of "Real World Software Security"
When a customers development team was recently asked to use the AntiXSS library, validate input and encode output for their web interface they replied (and I quote) “we do not use cross site scripting”.
If any customer ever asks the single most effective thing to affect a positive change on their software security security program I always respond with education and awareness. Pound for pound, dollar for dollar it is the most effective tool anyone has.
"
No comments:
Post a Comment