Secure Development Lifecycle and Web 2.0
I found this nice blog entry http://blogs.msdn.com/sdl/archive/2008/02/28/sdl-and-web-2-0.aspx
Every single word is true. My impression is that most people in this vibrant Web 2.0 space still think they live in happy land where no bad people exist.
Even worse: This might be true… in an awkward sense. As long as a hack simply adds somebody to your list of Flickr friends, one can argue “should I really be scared to death now?”. OK, there might be some photos you might not want to share with anybody unknown, the public, the press… there are some remarkable examples in the press right now…
But this is the fundamental problem of Web 2.0: As long as the value of Web 2.0 applications is dispensable, Web 2.0 stays a toy. That does not mean you cannot become rich and marry on a rented Caribbean island with only 600 of your closest friends from politics and the movies, but it will not make its way to the real thing.
Once you enter the real thing, security is not an option: It is a must-have.
The drawback is that where technology is used in a way it was never meant to be used, the likelihood of strange effects that can lead to a security breach is simply higher than necessary.
My advice: You might not get as rich or get there as soon, but having a well-paid and secure job might be nice, too. Go into Web 2.0 security…