By Deb Perelman
Security protocols have never been a core part of software development, but as this changes, those who have this specialized knowledge are paid a premium.
According to the U.S. Bureau of Labor Statistics' 10-year economic outlook, computer software engineers who work in the application professions sector are expected to be the fourth fastest-growing occupation between 2006 and 2016, increasing by 44.6 percent.
Yet making sure that software is built in a secure way has typically been a secondary concern within the field.
"Software developers have never considered security as really part of their domain. But this is changing," John Pescatore, a Gartner analyst, told eWEEK.
But this stands to change. According to Gartner research, 75 percent of attacks are now targeting applications. Furthermore, as more Web sites develop Web 2.0 technologies and consumers continue to demand mash-up services, developers who know how to incorporate security into the initial creation of applications are expected to carve out an important niche for themselves.
"The job is at the intersection of security and software development. In the last couple years these security issues have risen to the forefront of a concern about doing business online," Mike Weider director of security products at Rational, a division of IBM.
IBM is just one of the companies that view these software security developers as an important specialty that will make a big impact in making the software consumers and businesses use every day more secure.
"Organizations have to wake up to software security and when they look at how they're going to address it, the real problem is often a lack of skill within their development groups. They're looking to hire resources who can educate the rest of the organization while creating and designing security programs," said Weider.
Where software developers are going to learn more about building secure applications is still unclear. Currently, most software developers aren't picking up this information at the university level.
"It's clear that there is a huge problem with software security and the reason is that application developers have traditionally not been trained in security. If you look at most computer science programs today, you don't see a lot a lot of emphasis on security training," said Weider.
While universities increasingly have a security curriculum, they don’t have elements of this included in software engineering.
"You're not learning good security practices and coding at the same time, and that's definitely something we need to see changed," said Pescatore.
Businesses are increasingly requiring everyone in software development to undertake security training, with companies such as Cigital and Security Innovation coming in to retrain software developers on how people attack software and how to avoid some common pitfalls.
Once a software developer has this information under the belt, however, they become much more appealing hires. While most companies don't have a position titled Secure Software Developer, banks and financial services companies appear to be the earliest adopters of this role, followed by contract arrangements.
"One place where there is strong employment in this skill is in consulting firms, who are hiring developers and engineers to help them fix their security problems," said Weider.
The companies that are hiring for this position are willing to pay a premium for these developers.
"Those who have this kind of skill can now easily command a higher salary," said Weider
source:eweek.com
A few months ago we released an ASP.NET 3.5 Extensions Preview that contained a bunch of new features that will be shipping later this year (including ASP.NET AJAX Improvements, ASP.NET MVC, ASP.NET Silverlight Support, and ASP.NET Dynamic Data).
The ASP.NET Dynamic Data support within that preview provided a first look at a cool new feature that enables you to quickly build data driven web-sites that work against a LINQ to SQL or LINQ to Entities object model. ASP.NET Dynamic Data allows you to automatically render fully functional data entry and reporting pages that are dynamically constructed from your ORM data model meta-data. In addition to supporting a dynamic rendering mode, it also allows you to optionally override and customize any of the view templates using any HTML or code you want (given you full control of the experience).
Subscribe to:
Posts (Atom)
