IDG Contributor Network: Entropy and the art of secure software development
Those who paid attention in science class should not be surprised by the almost daily deterioration in business information security. Entropy, the quantity that the second law of thermodynamics says can only increase in an isolated system, is defined by Merriam-Webster as “the degradation of the matter and energy in the universe to an ultimate state of inert uniformity.” For some reason, many in the application development world seem to think they are not governed by the laws of thermodynamics. I would suggest otherwise.
Consider the following scenario: Acme Corporation is developing a new web application. They have a well-defined software development life cycle and follow development best practices. Their developers receive ongoing security training and consider the OWASP Top 10 in their development effort. They use a commercial code-scanning tool and conduct internal and external vulnerability testing. Any defects discovered are fed immediately back to the developers for resolution. They deploy the application in accordance with a defined change management process, with executive review and approval. Everything is done by the book: a model development operation. Once a version is done and tested, they immediately turn to the new functionality requested by marketing for version two.