Security experts agree that there's something wrong with the software development process, but there are differing opinions on how to solve the problem.

It's another day in the life of a security pro -- or a hacker. Much of your time is spent searching applications for that one weak point, the one that will lead to the breach of sensitive data. And nearly every day, somebody finds one. Or more.

With all of the security know-how offered today -- and all of the advanced tools offered to applications developers -- why is software still riddled with security vulnerabilities? The answers are many, and they don't always agree. And solutions to the problem? Those are even more diverse.

Vulnerabilities start, experts agree, because developers don't understand how to build security into the code they write.

"There's a lot more acceptance of security as part of the process now, but historically developers have never been responsible for security," says Brian Chess, founder and chief scientist at Fortify, a company that makes tools for secure software development. "We all understand locks and keys, but not many of us are locksmiths. That's where most developers are."

The link for this article located at Dark Reading is no longer available.