I'm a small business programmer. I love solving tough problems with Python and PHP. If you like what you're seeing, you should probably follow me here on dev.to and then check out my blog.
No, I think you have a valid point of view and your experience matches mine (and that of many others).
However, the way you've framed the problem takes most/all the responsibility off your shoulders as a software developer. But you are far from helpless. You can:
recommend safer languages over less-safe languages for new projects
use frameworks and other tools and libraries to "go faster" and not talk about the security benefits
educate yourself and your team about security and follow best practices for new code
report ineffective or non-existent data validation as a defect in your bug tracker (not a security issue)
fail code reviews for defects (including security related defects)
use a static analysis tool to increase your team's productivity and reduce mistakes (but don't mention the security benefits to management)
make sure you keep your software up to date
For example, we sold our product owner on https everywhere for the bump we'll get in our search engine rankings, not the security benefits.
Quality and speed are not opposites. That's backed by research, which I wrote about near the end of this post. That's why most companies that try automated testing, design reviews, code reviews, etc. get so many benefits that they can't imagine producing software any other way.
You can go a long way with the strategies I've described above without ever having to have explicit permission to work on "security". You can appeal to management's desire for improved quality or productivity or efficiency and get the security benefits for free on the side.