Back in 1847, a physician called Ignaz Semmelweis was working in a hospital in Vienna, Austria. During this time, 5-30 percent of the female patients in this hospital got infected with puerperal fever, which is often fatal.
Semmelweis was performing a study where he compared physicians who washed their hands regularly with others who didn't. He made a groundbreaking discovery: Women treated by the hand-washing physicians had only a 1-2 percent chance of getting infected with puerperal fever, whereas other patients still had a 5-30 percent chance. Semmelweis' experiment showed that increasing hygienic standards in hospitals can save many lives.
What is really interesting in this study is that most of the physicians ignored, rejected, or ridiculed Semmelweis for this conclusion. They simply could not believe that a simple thing such as hand washing could have such an enormous effect on patients' health. It took many years for the medical profession to realize that Semmelweis was right with his views, which are taken for granted in today's hospitals. Today's physicians are taught during their studies that hygiene is a crucial part of their profession.
I was wondering when such a learning effect takes place in IT. Currently, there is only a limited number of universities teaching IT security and even fewer that teach secure application design and secure programming. As a result, university graduates will continue to produce insecure application designs as well as insecure code. Some of them are lucky enough to get training in secure application development; others will learn the hard way that secure development matters. Just like the physicians 160 years ago, today's developers respond to good advice such as input validation, output encoding, and security design by saying that they don't have time for these things.
Maybe, some day, we'll have mandatory IT security classes in university and people will shake their heads when they hear that in the old days most of the web applications on the Internet were vulnerable to security bugs.
Tuesday, May 6, 2008