The deserialization vulnerability in a Java library less than a year ago, and the many web applications that still have SQL injection flaws, are just a couple of instances among the many security mistakes that developers make. These have made many ponder whether developers really do care about security. Let us find out what Jamesha Fisher, security operations engineer at GitHub, has to say on this.
Fisher aptly says, “Anything created by humans, by definition, will be imperfect, and software is no different.” She further points out that developers do not have malicious intent. They don’t want the code they write to contain security bugs like Stagefright or Heartbleed. According to Fisher, security is deeply related to knowledge, culture, skills and mentality.